Category Archives: Alerts

ALERT! Reboot Your Router NOW! – ALERT!

The FBI has issued an urgent warning and request to everyone who owns a home router to reboot the device to thwart a Russian cyber attack. Researchers at Talos, Cisco’s cyber intelligence unit, warned of the attack by malware named VPNFilter. According to Talos, VPNFilter has infected an estimated 500,000 consumer routers in 54 countries. Routers targeted are Linksys, MikroTik, Netgear and TP-Link, and potentially others.

On Friday the FBI warned that anyone with a small office or home office (SOHO) router should reboot their device to stop the malware. Rebooting is simply turning the device off and then back on again.

According to the FBI, the threat is “significant.” The FBI warning stated that the malware, once it has infected the router, could stop the router from working, collect user information from any device connected to it and possibly block network traffic.

The Justice Department has reported that the malware is connected to a Russian government-backed cyber espionage group that’s been called Sofacy, APT 28 or Fancy Bear by researchers.

The problem is that the FBI can’t determine how VPNFilter is getting on people’s systems. By rebooting the router, owners can disrupt the malware and delete parts of its code. However, the router can be reinfected.

As part of the operation to shut down the malware attack, the FBI, armed with a court order, seized control of a key server in the Kremlin’s global botnet of hacked routers.

The seizure destroys VPNFilter’s ability to reactivate after a router reboots, according to Vikram Thakur, technical director at Symantec. “The payload itself is non-persistent and will not survive if the router is restarted,” said Thakur. “That payload will vanish.”

You can check the security of your router for free by visiting F-Secure.com Router Check.

See also: Oregon FBI Tech Tuesday: Building a Digital Defense Against the “VPNFILTER” Malware

 

 

ALERT! Equifax Hit by Major Data Breach ALERT!

Equifax, one of the major credit reporting agencies, is the victim of a major data breach affecting over 140 million Americans. The data lost includes names, Social Security numbers, addresses, birthdays and driver’s license numbers. In addition, credit card numbers of over 200,000 American consumers, and certain dispute documents with personally identifying information for another 182,000 U.S. consumers were also accessed. Equifax reports it has found no evidence of unauthorized activity on its consumer or commercial credit reporting databases.

The breach is considered so serious that Equifax is not only offering credit monitoring for those affected but potentially every American.

Equifax Chairman and CEO Richard Smith said in a statement that the breach was first discovered in July and had been ongoing since May. According to Smith, hackers “exploited a U.S. website application vulnerability to gain access.”

The EquifaxSecurity2017.com website has been provided for information about the breach. A statement on the site said, “Regardless of whether your information may have been impacted, we will provide you the option to enroll in TrustedID Premier.”

Equifax has also set up a dedicated call center for consumers with additional questions at 866-447-7559. The call center is open seven days a week from 7:00 a.m.-1:00 a.m. EST.

TrustedID Premier is a service offering from Equifax which includes monitoring of not only its own records but those of Experian and TransUnion as well. Equifax, Experian and TransUnion make up the big three credit reporting agencies. The service monitors for identity theft and performs Internet scanning for Social Security numbers. The service is free for one year. Using TrustedID Premier, consumers also have the ability to lock and unlock Equifax credit reports and obtain identity theft insurance. Recently Experian began offering a service that scans the dark web for personal information.

Equifax has stated that in addition to notifying law enforcement, it has teamed with a “leading, independent cybersecurity firm” to investigate the breach, but that company has not been named. The company said its investigation is “substantially complete,” but will continue for a few more weeks.

In a closely related story, it has been reported that Equifax executives sold shares in the company worth $2 million.

According to CNBC, three executives of Equifax sold the shares days after the data breach was discovered. The information was revealed in a Securities and Exchange Commission filing.

The executives were named as Chief Financial Officer John Gamble Jr., Workforce Solutions president Rodolfo Ploder and U.S. information solutions president Joseph Loughran. The sale of the shares was done on the 1st and 2nd of August. The data breach was discovered by the company on July 29th.

According to Equifax the three executives, “had no knowledge that an intrusion had occurred at the time they sold their shares.”

The SEC declined to comment on the share sales.

ALERT!-Google Docs Phishing Attack-ALERT!

Right now millions of email users are getting a seemingly innocent email asking them to view a Google Docs file. DO NOT CLICK ON IT! DELETE IMMEDIATELY!

The email takes the user to an excellent replica of the Google Docs page you would normally see. The hackers are so clever they have copied the newest version of the page. To make matters worse, the URL or web address is very close to the real Google Docs web address. The email itself will look as if it came from a legitimate email address and even uses a .gov email address.

The email does not deliver any malware that we know of. But it does steal user names and passwords.

In a statement, a Google PR representative said, “We have taken action to protect users against an email impersonating Google Docs, and have disabled offending accounts. We’ve removed the fake pages, pushed updates through Safe Browsing, and our abuse team is working to prevent this kind of spoofing from happening again. We encourage users to report phishing emails in Gmail.”

Google sent out another statement, this time directly from Google, that read: “We realize people are concerned about their Google accounts, and we’re now able to give a fuller explanation after further investigation. We have taken action to protect users against an email spam campaign impersonating Google Docs, which affected fewer than 0.1% of Gmail users. We protected users from this attack through a combination of automatic and manual actions, including removing the fake pages and applications, and pushing updates through Safe Browsing, Gmail, and other anti-abuse systems. We were able to stop the campaign within approximately one hour. While contact information was accessed and used by the campaign, our investigations show that no other data was exposed. There’s no further action users need to take regarding this event; users who want to review third party apps connected to their account can visit Google Security Checkup.”

If you have received the suspect email there are a few things you can do.

  1. Do not click on it even if it comes from someone you know. Always be suspicious of links and attachments you are not expecting or do not know where they come from. Anytime you get an email containing a link or attachments, contact the sender and ask what it is. They may not know their email is being used to send out spam or malware.
  2. Use multi-factor authentication. Many websites offer multi-factor authentication. It is simply an extra step to protect you on the web. The system often works by sending a second code via a text message to your smartphone. This is great when you are using a computer you don’t normally use and can prevent hackers from accessing your accounts or stealing passwords.
  3. If you have already clicked on the suspect email or are not sure, then you can cancel third party access by visiting this Google site. Also change your Google passwords.
  4. Finally, report the incident by clicking the downward arrow at the top right of your inbox and selecting “Report Phishing.”

Remember, try to avoid catching “click around fever.” This is the compulsion to click on links or attachments in your email or visit websites just out of curiosity. Many malware infections and viruses can be picked up through what’s commonly known as a drive-by download. This means the instant you click on the wrong thing or visit the wrong website you’re infected.

ALERT! – Cloudflare Discovers Major Bug – ALERT!

Cloudflare, a content delivery and security service, announced a major bug has been discovered that may have exposed users’ sensitive data on millions of websites. The bug, dubbed ‘Cloudbleed’, was discovered in Cloudflare’s content optimization systems. Exposed data includes passwords, session cookies, authentication tokens and even private messages. The consequences are considered extremely dangerous. Web users are urged to change their passwords on ALL websites immediately!

You may not have heard of Cloudflare but it is one of the world’s largest Internet security companies. Cloudflare’s technology is running on millions of websites and in Fortune 500 companies. Cloudflare describes itself as a “web performance and security company.”

Cloudflare’s systems modify HTML pages passing through its servers in order to rewrite HTTP links to HTTPS. This process hides certain content from bots, conceals email addresses, enables Accelerated Mobile Pages (AMP) and more. Cloudflare’s clients include huge companies like Uber, OKCupid, FitBit and 1Password. 1Password claims its user data is safe. But with millions of websites using the service, this bug is an extremely serious threat. The result is that massive amounts of sensitive data have potentially been compromised.

The data leak was accidentally discovered on February 18th by Google security engineers. They immediately alerted Cloudflare. The company responded by quickly assembling an incident response team and shutting down the feature causing most of the data leakage within hours. By the 20th a complete fix was in place. The rest of the time, until the incident was publicly revealed, Cloudflare worked with search engines like Yahoo!, Bing and Google to remove the sensitive data from their caches.

According to a blog post from John Graham-Cumming, Cloudflare’s CTO, the leaks could have been going on since September 22. However, the period of greatest impact was between February 13 and February 18, when the email obfuscation feature was being migrated. Cloudflare estimates that around one in every 3.3 million HTTP requests that passed through its system potentially resulted in memory leakage. That equals roughly 0.00003 percent of all requests.

But that does not negate the seriousness of the data leak. Sites that don’t use Cloudflare’s service, but have a lot of Cloudflare users, might have compromised data on their servers. This means the problem has spread all over the Internet. 

In an interview with Gizmodo Cloudflare CEO and co-founder Matthew Prince said, “This is a big deal for us. This is a really bad bug. This is something that our customers should be very cognizant of and should take very seriously.”

Everybody who uses any website is strongly urged to change their passwords immediately. As in right now!

 

ALERT! – Amazon Email Scam – ALERT!

Cyber criminals are sending out fake Amazon emails telling you that there is a problem with your order.

Customers are being told to resolve the problem by clicking on a link to confirm certain information. The scam warns victims that failure to do so will freeze their Amazon account.

The email directs people to a replica Amazon website. These websites are excellent forgeries and can fool even experts. It makes it very easy to fall for the scam.

Once on the fake website the customer/victim is asked to input personal information. When customers/victims have entered in their details, they are asked to click a ‘Save & Continue’ button. This then takes them to Amazon’s official website making it even more difficult for most people to suspect or detect any fraudulent activity.

Don’t fall for this scam. If you receive this email contact Amazon customer support to check your account. Do not click on any link in the email and don’t use the phone number in the email. That could be the scammer as well. Even if the email is real you are better off being safe than sorry. You can learn more about this scam and how to protect yourself by visiting Get Safe Online.