Hurricane Sandy is still wreaking havoc but at least the storm is over, right? Not for Hackers! In a time of tragedy and need, for many whom have lost everything, it’s a shame to have to write about scams involving the victims. Unfortunately, hackers are hoping to take advantage of your generosity. Phishing scams are nothing new and they continue to deceive people even those familiar with their scams. It’s just as simple as an email or website leading you towards donating right into their pockets.
Apple is getting exposed with a jailbreaker claiming an SMS vulnerability. Apple’s iOS reads key SMS data which allows scammers to break in and access sensitive information from iPhone users. This breach allows the hacker to change the reply to a number in an SMS text, so the user could be easily duped into thinking they are receiving a text from a trusted source, when it is actually someone on the other end trying to gain your sensitive information.
Webroot has recently been successful with its tool for PC’s, smartphones and tablets. Secure Anywhere Complete 2012- 3 is a faster and less-intrusive software that doesn’t take-up large amounts of space and allows your devices to run smooth and quickly.
Every day, hackers are finding unique ways to breach domains. They are getting by IT departments’ firewalls and protections at ease. Now, they have adopted another method to prolong the life of Web-based attacks, according to the security firm Symantec.
A domain-generation technique has recently been witnessed in a series of drive-by download attacks to infect Web users with malware. This botnet-type malware is targeted towards compromised sites, and then launches the attack by relying on rogue code injected into the website and redirects their visitors to external domains that host exploit toolkits, such as Black Hole. This process is done through hidden iframe HTML tags.
Security breaches occur every day – whether hackers attack your servers to bring you down for the fun of it or they try to obtain sensitive data for monetary gains. These attacks can come in the form of malware, which can be malicious internet links or authentication breaches, not to mention phishing attacks, which are usually sent through fake emails. They all can catch non-profits and associations off guard without having a good IT support provider or IT department to protect you.
If you have a business, and you are using Dropbox.com, you do not want to store any of your files on its cloud-based storage system. They have proven that they are not (for now, at least) an enterprise-ready company, given the latest unfortunate news of user passwords being compromised.
Organizations using Dropbox.com should consult with IT departments or IT support service providers to make sure no classified or sensitive material exist on its cloud-based storage system. This, in fact, does show the vulnerability of cloud computing, but it’s usually not the case for the majority of the providers out there, that have major security policies in place to prevent such a compromise.
The security breach started with a stolen employee password, which led to the theft of a “project document” that contained user e-mail addresses. Confirmed by Dropbox on Tuesday, the hacker with the stolen information proceeded to spam European users of the cloud-based service with ads of gambling websites.
Hackers and Cybercriminals are trading stolen information at an astonishing pace this year. Swapping and selling of personal information has soared 300% alone in the first four months of 2012. Many security companies predicted that we would see skyrocketing figures of Cybercriminal attacks using malware or hacking network systems and they are being proved correct.
Experian, an expert in credit evaluations and market research reported these alarming facts and figures. They concluded that “12 million pieces of personal information were illegally sold during the four-month period, 90% of which consisted of login details and passwords. The figures dwarf the credit agency’s data for last year, which totaled 9.5 million.”
“The reason password and login combinations make up nine out of ten illegally traded pieces of data is because they give access to a huge amount of other valuable information, such as address books and related accounts,” said Peter Turner, managing director at Experian Consumer Services in the UK and Ireland.
An online Android forum was recently hacked with over a million user accounts being compromised. Members of that Android forum are being encouraged to immediately change their passwords following last week’s serious breach.
The type of information that was compromised from the Android user’s database, included, at a minimum, such sensitive items as unique IDs, user names, emails, hashed and ‘salted” passwords, and registration IP addresses. The hack is reportedly an email harvesting attempt.
Hacking occurrences are no longer rarities. They have become common place to the point where there is usually a daily news item about these events in media outlets everywhere. Such unauthorized incidents result in user accounts, banks accounts, and confidential company data being stolen and compromised.
Yahoo.com, for example, was in the news last week as many of their accounts were hacked, with over 450,000 users affected. This clearly demonstrates the absolute necessity of organizations everywhere adopting stringent IT security measures, no matter what its size.
Most hackers try to leverage the weakest points in organizational networks, using tools such as phishing attacks. Eliminating compromised PCs or setting up permissions for users from wandering around the network looking for poorly protected data is easy when the network is segmented using internal firewalls.
D33DS Company – who, or rather what is that, you are probably asking right now? That was my sentiment exactly when hearing about this new hacker group — a group that has apparently published over 450,000 passwords of Yahoo Voice users. Yahoo Voice, you may recall, is Yahoo’s voice over internet-protocol service (VOIP), which runs on their Yahoo Chat service.
These new breeds of hackers have been able to breach an “unknown” subdomain of Yahoo’s website, where they were able to obtain unencrypted account details. Clearly, this was just a wakeup call to demonstrate Yahoo’s security vulnerability and apparently not a direct threat to Yahoo.
As the smartphone market has revolutionized the cell phone market, they’re also changing the way we conduct business and give users access to emails and files in the palm of their hand. Nothing is left behind at the office because the smartphone is the new on-the-go laptop replacement. The fact is that smartphones are in the workplace; therefore, it is important for IT support providers to apply the proper security requirement for BYOD users, as well as, applying Sandbox methodology for BYOD users in their network environments.
The downside is that it is also a primary target for cybercriminals and hackers. The more technology improvement and advances on the smartphone lead to increases in creative attacks. For example, when the Droid Dream was exposed, Google introduced Android Market Security Tool. Hackers where able to access the tool and introduced a Trojan which then was sent back out to users through a third-party Chinese market. Google, in turn, responded with releasing a “kill switch” that automatically killed the malware from the infected smartphones.
The company Webroot has responded with a successful tool release for PC’s, smartphones and tablets. Webroot Secure Anywhere Complete 2012- 3, is a faster and less intrusive software that doesn’t take up large amounts of space and allow your devices to run smooth and quickly. The total package even includes the ability to share your passwords, photos, and music between your mobile devices and PC’s.