Eric Brown

Recent Posts

In the Know - Cyber Security Update - Week of July 23rd - July 30th

Posted by Eric Brown on Jul 31, 2017 8:31:42 AM

A fish tank leaks data, Uber drivers defrauded by social engineering scam, over a billion smartphones susceptible to Wi-Fi worm, malware campaigns turn to .iso files, and attackers use FruitFly to spy on Mac users.

1. An internet-connected fish tank at a casino leaks gigabytes of information to hackers.

A fish tank has recently been added to the list of IoT (Internet of Things) connected devices that have fallen victim to cyber-attack, a report from Darktrace shows. The fish tank had sensors connected to a PC to monitor water condition and temperature.

Attackers were able to connect to the IoT device, compromise one of these sensors and move to other vulnerable areas of the casino’s network and send out data. 

Darktrace Report:

https://www.darktrace.com/resources/wp-global-threat-report-2017.pdf


Topics: Education

In the Know - Cyber Security  update - Week of July 16th 2017

Posted by Eric Brown on Jul 23, 2017 9:31:50 PM

More malware finds macOS, French domain registrar loses control of 751 domain names, attackers demonstrate taking full control of a Segway MiniPro (while it’s being ridden), the Devil’s Ivy exploit leaves millions of IoT devices vulnerable, and more cryptocurrency is stolen, $30M more.

1.  OSX/Dok targets Macs in bank account theft.

Due to the rise in popularity of Macs (3x market share growth in the last decade – Gartner) and the (false) stigma that Macs are invulnerable to malware, we are seeing a rise in the number of malware ports from macOS to Windows.

The repackaged Windows Retefe Trojan has become OSX/Dok on Macs. This new Mac malware is pushing Signal, a private messaging app, onto victims’ mobile devices as part of a complex operation to steal banking credentials. The initial attack starts with a phishing email that includes a malicious application signed with an Apple certificate, which helps to bypass macOS Gatekeeper (an app that verifies apps haven’t been tampered with since they were signed).

After a successful install, the OSX/Dok malware disables security updates and blocks communications with Apple and antivirus websites. Next, a Tor browser and proxy file are installed, which set up a man-in-the-middle attack and redirect user traffic for a list of banking sites to fake sites hosted by the attackers, such as cbhbank, credit-suisse, etc. Once the attackers have captured the victim’s account information they have access to do whatever they want with it.

When the victim visits one of these sites (hosted by the attacker) they are prompted to enter a mobile number to receive a download link for a mobile application (Signal – an encrypted messaging app).  While Signal isn’t directly used in the attack, researchers believe that the platform may be used to communicate with the impacted user at a later date.

More info and screenshots:
https://www.grahamcluley.com/dok-mac-malware/

2.  Gandi.net domain name registrar hacked – loses control of 751 domains

An unauthorized connection to a technical partner resulted in the modification of the name servers controlling 751 domain names, pointing their traffic to a malicious site.

The attacker was able to make the changes by accessing the web portal of a technical partner using covertly gained login credentials. It is believed that the credentials were obtained from an insecure connection to the technical partner’s web portal (the platform allows access via HTTP).

The attacker also hijacked email, DNS MX, and SPF records. The domain hijacking event also broke incoming HTTPS traffic to the affected domains.


Topics: Education

In the Know - Cyber Security  update - Week of July 9th 2017

Posted by Eric Brown on Jul 16, 2017 10:11:01 PM

Girl Scouts gear girls up for cybersecurity jobs, WWE exposes a massive amount of data on its customers, AT&T transfers a phone number to attacker, bitcoin mines beneath datacenters, and a study shows that Thursday is the day that receives the highest number of malicious attachments.


Topics: Education

In the Know - Cyber Security  update - Week of July 2nd 2017

Posted by Eric Brown on Jul 10, 2017 8:23:27 AM

Last week brought two bitcoin-related attacks, largely the result of successful social engineering (voice phishing): one on the South Korean bitcoin exchange Bithumb, and the second a website hijack of classicetherwallet.com. AV-Test’s comprehensive security report shows Mac and Android malware on the rise. Servers of Intellect Services, authors of M.E.Doc, were raided by Ukrainian police. And finally, a BIND flaw is patched.


Topics: Education

In the Know - Cyber Security  update - Week of June 26th 2017

Posted by Eric Brown on Jul 3, 2017 8:19:24 AM

1.  Blank Slate Ransomware Campaign

Empty email messages that don’t have a body but contain an attachment are something to be mindful of. If this type of email makes it through your spam and malware filters, it’s best to delete it right away. However, a new Blank Slate campaign has emerged which contains a Microsoft-themed email body. The email suggests that your Microsoft account was just logged into and that, if you didn’t do so, you should click on a link to report that you didn’t log in. Once you click on the link it will download a zip file containing JavaScript, which leads to crypto ransomware.


Topics: Education

In The Know - Cyber Security Update - Week of June 19th 2017

Posted by Eric Brown on Jun 26, 2017 8:30:59 AM

1.  Google will stop scanning its 1.2+ billion Gmail account inboxes for ad personalization

Google aims to align its free consumer email service (Gmail) with its G Suite business class offering.  This includes no longer using Gmail inboxes as input for ad personalization.  Google claims that this change will bring Gmail ads in line with the way ads are personalized for other Google products.  While inboxes may no longer be directly scanned for ad personalization, Google likely has other ways to gather this information.


Topics: Education

In The Know - Cyber Security Update - Week of June 12th 2017

Posted by Eric Brown on Jun 18, 2017 9:50:21 PM

1.  Mac Ransomware as a service and Mac spyware released


Topics: Education

Fighting Back Against Ransomware

Posted by Eric Brown on May 15, 2017 11:24:46 AM

As you’ve probably seen in the news this weekend, criminal hackers have released a new strain of ransomware that spreads itself automatically across all workstations in a network, causing a global epidemic. If you or a co-worker are not paying attention and accidentally open one of these phishing email attachments, you might infect not only your own workstation, but immediately everyone else's computer too. 

Be very careful when you get an email with an attachment you did not ask for. If there is a .zip file in the attachment, do not click on it but delete the whole email. Remember: "When in doubt, throw it out!"


Topics: Education

Is Your Firewall Catching Everything? Let Cyber Advisors Help You Find Out.

Posted by Eric Brown on Jan 9, 2017 9:55:00 AM

With security at the forefront of every IT leader's mind, it's easy to question whether or not your firewall is catching everything. The complimentary Dell SonicWALL Application Risk Management Report (SWARM) could be just the validation you need to make an executive-level business case for your security priorities. After 1 week of traffic data, we can give you feedback on how your firewall is performing.


Topics: Offers, Education
