Cybercrime Groups Flourish on Facebook

You might be surprised what you can buy on Facebook, if you know where to look. Researchers with Cisco’s Talos security research team have uncovered a wave of Facebook groups dedicated to making money from a variety of illicit and otherwise sketchy online behaviors, including phishing schemes, trading hacked credentials and spamming. The 74 groups researchers detected boasted a cumulative 385,000 members.

Remarkably, the groups weren’t even really trying to conceal their activities. For example, Talos found posts openly selling credit card numbers with three-digit CVV codes, some with accompanying photos of the card’s owner. According to the research group:

The majority of these groups use fairly obvious group names, including “Spam Professional,” “Spammer & Hacker Professional,” and “Facebook hack (Phishing).” Despite the fairly obvious names, some of these groups have managed to remain on Facebook for up to eight years, and in the process acquire tens of thousands of group members.

Beyond the sale of stolen credentials, Talos documented users selling shell accounts for governments and organizations, promoting their expertise in moving large sums of money and offering to create fake passports and other identifying documents.

The new research isn’t the first time that Facebook users have been busted for dealing in cybercrime. In 2018, Brian Krebs reported 120 groups with a cumulative 300,000-plus members engaged in similar activities, including phishing schemes, spamming, botnets and on-demand DDoS attacks.

As Talos researchers explain in their blog post, “Months later, though the specific groups identified by Krebs had been permanently disabled, Talos discovered a new set of groups, some having names remarkably similar, if not identical, to the groups reported on by Krebs.”

“While some groups were removed immediately, other groups only had specific posts removed,” Talos researcher Jaeson Schultz wrote. “Eventually, through contact with Facebook’s security team, the majority of malicious groups was quickly taken down, however new groups continue to pop up, and some are still active as of the date of publishing.”

Cybercrime groups are yet another example of the game of enforcement whack-a-mole that Facebook continues to play on its massive platform. At the social network’s scale — and without the company dedicating sufficient resources to more comprehensive detection methods — it’s difficult for Facebook to track the kinds of illicit or potentially harmful behaviors that flourish in unmonitored corners of its sprawling platform.

“These groups violated our policies against spam and financial fraud and we removed them,” a Facebook spokesperson told TechCrunch. “We know we need to be more vigilant and we’re investing heavily to fight this type of activity.”

Article Provided By: techcrunch

If you would like liquidvideotechnologies.com to discuss developing your Home Security System, Networking, Access Control, Fire, IT consultant or PCI Compliance, please do not hesitate to call us at 864-859-9848 or you can email us at deveren@liquidvideotechnologies.com.

Governments are Targets for Cyberattacks

Why local governments are a hot target for cyberattacks

Recent ransomware and other attacks underscore the value attackers see in the data stored in city and regional government systems. Here’s why they are vulnerable and what they can do to reduce the threat.

Over the course of the past few weeks, a seemingly stepped-up wave of malware and ransomware infections has struck a number of municipalities across the U.S.

  • On April 10, the city of Greenville, North Carolina, had to disconnect most city-owned computers from the Internet due to what officials said was a RobinHood ransomware infection, a duplicitous piece of malware that pretends to raise awareness and funds for the people of Yemen.
  • On April 13, Imperial County, California was hit with Ryuk ransomware, which is designed to target enterprise environments, forcing its website to go dark and causing some city systems to malfunction, including a number of departments’ phone lines.
  • On the same day Imperial County was infected, the city of Stuart, Florida, was hit by Ryuk ransomware, forcing system shut-downs affecting payroll, utilities and other vital functions, including police and fire departments.
  • On April 18, an unspecified piece of malware, likely ransomware, crippled the city’s computer networking in Augusta, Maine.
  • On April 21, the municipally owned airport in Cleveland, Ohio, Cleveland Hopkins International airport, was struck by still-unspecified malware, causing the airport’s flight and baggage information boards to go dark, an outage that lasted at least five days.

Despite what appears to be a recent spurt in municipal ransomware attacks, these infections are nothing new to the nation’s cities. The most high-profile municipal ransomware attack took place over a year ago in March 2018 when the city of Atlanta was crippled by SamSam ransomware. According to Wired magazine, the city of Atlanta ended up spending $2.6 million to respond to that attack, roughly 52 times the amount of the $50,000 or so in ransom demanded by the attackers.

Cyberattacks on municipalities harder to hide

Still, the recent spate of attacks raises the question: Are municipal ransomware infections on the rise? According to some municipal cybersecurity experts, cities have long been grappling with malware and ransomware attacks at the same rate as private sector organizations, but are just now becoming more public about it.

“Most of these cities have had issues just like businesses have for years,” Gary Hayslip, former CISO for the City of San Diego, California, and now CISO for security firm Webroot, says. “It’s just more of them are being public about it because governments are requiring it now more.”

It’s increasingly difficult to hide city ransomware infections, particularly given that responding to them often requires funds from municipal coffers. “Typically, you end up having to pull out your cyber insurance and you’ve got to get Mandiant or somebody that you have on call to come on over and help you clean up and then hopefully get your data back,” says Hayslip. “So, you’re not going to keep that kind of stuff quiet.”

Internet-delivered city services present more opportunities for attackers

Cities are getting deeper and deeper into IP-based activities to deliver services as efficiently as possible, giving attackers more opportunity to engage in malicious behavior. “I would say there are a couple of big pressures that I think are relevant to most industries, but state and local governments are also exposed to it. First and foremost is the rapid expansion and availability of technology capabilities,” says Chris Kennedy, former government cybersecurity veteran and currently CISO of cybersecurity firm AttackIQ.

Attackers are also getting more savvy. “There’s a constantly growing threat of exploitation either through investment from state-sponsored actors to the commoditization of very sophisticated attack techniques that are easy to use for inexperienced hackers. Ransomware isn’t new. It’s just how it’s been packaged up and how it’s being leveraged operationally by the hacker community.”

Data stored in city systems an attractive target

Whether attacks on cities are increasing or merely coming more to light now, it’s clear that they’re attractive targets for attackers. “If you think long-range, state and local governments offer a wealth of information about citizen activity. You can imagine how cyber criminals would want to take advantage of that collection of information for identity theft and things like that,” says Kennedy.

“Most people don’t realize cities have massive amounts of data. It’s amazing the different types of data that they have. I mean it’s just phenomenal. They have everything from permits to people paying their water bills to parking tickets to whatever. People are investing in bonds,” says Hayslip, adding that cities also accept credit cards. “U.S. cities are very, very similar to large multinational businesses.”

Financial constraints put a squeeze on security

Unlike large multinational businesses, however, cities, particularly small cities or towns, face financial constraints that limit just how much they can spend on protecting themselves from breaches, malware infections and other kinds of attacks. “It can be an overwhelming problem if you’re not adequately staffed,” Kennedy says. “When you’re resource-constrained a lot of the operating falls to contractors” and “how well you manage those contractors is often difficult.”

On top of that, cities struggle to keep pace with technology refresh cycles, which are growing shorter each year. “Today the typical refresh cycle is about 18 months and most cities aren’t ready for it. A lot of the larger cities still have mainframes,” Hayslip says. “In a business you can do rip and replace. You can go ahead and say we’re going to be down and we’re going to stand up a parallel data center and we’re going to flip over and rip out all this old stuff and then go on about our business. That’s very hard to do when you have citizens that are riding on the services that you provide and don’t like to have their services interrupted.”

State and local governments need federal cybersecurity assistance

While municipal governments struggle with increased attacks, constrained resources and outdated equipment, there are few easy solutions to the unique problems they face. Hayslip thinks the federal government has a role to play in helping cities with funding shortages. “These municipal governments and state governments are tied to massive amounts of federal networks. They’re all interrelated and tied to each other,” he says.

“There should be a pool available to state and local governments” to provide small governments funds to address at least the basics of cybersecurity, such as updated software, firewalls and other cyber hygiene-related needs. “It would reduce the risk on the supply chain side among the municipal, state and federal networks,” according to Hayslip.

Cities that are fortunate enough to have dedicated security staff, which Hayslip says begins when the municipality reaches 300 employees, can also benefit from participating in formal and informal information-sharing efforts. Among the formal options available to cities are the FBI, the Multi-State Information Sharing and Analysis Center (MS-ISAC), which is focused on state, local, tribal and territorial government cybersecurity, as well as resources available from the Department of Homeland Security.

Local governments should share security data

When it comes to local governments, sharing information informally can be as helpful as the more formal efforts. When Hayslip was CISO of San Diego, he had a loose group of peers from other jurisdictions in the area and nine times out of ten when one of them was dealing with a sustained attack, the others were, too. Cybercriminals like to “get the most bang for their buck so they’ll attack a region” where local governments are likely to be interconnected, he says.

On the whole, cities appear to be dealing adequately with the ransomware and other malware infections that come their way. “Some of them are really taking it seriously and they’re building. Not just the city of San Diego but Los Angeles is doing very well. The city of Denver is doing very well.” Even the city of Atlanta is a good example of a municipality that might now be ahead of the curve. “I think they’ve learned their lessons and they’re putting it together,” Hayslip says.

Article Provided By: CSO


Cybersecurity Road Maps and Strategies

Companies Must Develop More Precise Cybersecurity Road Maps and Strategies

Given all the years that companies and federal and state governments have been investing aggressively to improve cybersecurity, you might think by now they would have a well-executed cyber architecture and security strategies firmly in place. The sad fact, however, is that many organizations have yet to accomplish this, or they accomplished it temporarily but subsequently failed to keep pace with change and now need to recast their work.

Why is enterprise cyber architecture and a solid security strategy so important?

Consider, for example, the security status of a building with 20 exterior doors, of which 19 are locked. Would you be 95% secure? The answer is no. The building would have zero security because most prospective intruders would know enough to find the unlocked door.

The upshot is this: the application of consistent security policies across corporations, now lagging, is essential. And this involves much more than simply securing all software interfaces. Adequate security involves people, process, information and technology, as well as the need to recognize and respond to change, including the adoption of better technologies.

Good Security Includes Cost Efficiencies

Good enterprise architecture also requires the means to align security implementation with enterprise-wide strategic objectives and business operations. So costs and efficiencies must be embraced.

Companies, in effect, must think like insurance or credit card companies – i.e., they must analyze known risks and calculate the average cost of threats. Insurance companies set premiums high enough to cover losses on average, but not so high as to make them uncompetitive. Credit card companies spend money to combat fraud, but cap the amount in a bid to balance cost with reward. Similarly, companies need security budgets big enough to cover most, but not all, of their threats. Covering all of them would be prohibitively expensive and potentially render the business non-competitive.

In short, companies must make intelligent cyber investment bets, bearing in mind a fundamental axiom of security that risk can never be driven to zero.

Risk Tolerance and Budgets Must be in Sync

In many organizations, the tolerance for risk and the budget for security are not in balance because the balance differs from department to department. Businesses must take several steps to plan and implement a sound and balanced enterprise-wide cyber architecture and security strategy.

Essential measures include these necessities:

  • Select and follow relevant standards to drive a good cybersecurity posture, such as the NIST Cybersecurity Framework, ISO 27001 or, for select industries, HIPAA. This helps reduce the learning curve and leverages best practices without the need to reinvent the wheel.
  • Make a point of tailoring and customizing the security architecture and cybersecurity risk management process based upon the specific threats and vulnerabilities faced by your organization. The NSA, for example, has developed a model that provides 21 areas that organizations need to tailor to their specific environment to develop the best possible cybersecurity risk posture.
  • To avoid getting overwhelmed by the sheer volume of attacks, go beyond logging, monitoring and alerting to also focus on proactive threat hunting. Security operations, automation, analytics and incident response must be woven into an integrated platform. And make sure that automation is not merely a “bolt-on” that slows the entire production process.
  • Increase your cyber visibility by trying to tear things down in search of possible vulnerabilities. This way, you’re not merely relying on the “security hardening work” you have done but are regularly working to improve things. This also makes it easier to find a breach when it occurs.
  • Substantially improve management of third-party risk, which is growing as companies continue to outsource. Current approaches to the problem, such as audits and penetration tests, are helpful but usually provide only a fleeting snapshot of security risk. To proactively mitigate risk, organizations need automated tools to continuously measure and monitor third-party security performance.
  • Welcome the CISO to the C-suite. Because cybersecurity and compliance are serious business issues, it’s imperative that a corporation have a CISO empowered with adequate authority, funding and a clear mission to proactively keep systems and data safe.
  • Lastly, be attuned to advances in cybersecurity that perhaps should be adopted by your organization. One case in point is homomorphic encryption (HE), which is a technique used to work on encrypted data without decrypting it and is in use for select functions by some government entities and corporations to limit the infiltration of secure networks and combat offensive techniques used by nation-states. This could also enable companies, for instance, to encrypt their cloud-based databases and work on them without converting records back to plaintext.

New Technologies like Homomorphic Encryption are Important

So-called fully homomorphic encryption (FHE), which entails almost everything from soup to nuts, has yet to be fully developed. But, as noted, important HE pieces have been put into play and significant advances are being made in the evolution of a technology that stretches back decades.

For many years, HE’s mathematical computations slowed system performance to a crawl. While greater speed is still needed, there has been substantial improvement. Last year, for example, IBM, among the pioneers in HE, rewrote its C++ HE encryption library and claims it now runs up to 75 times faster. And Enveil, a Maryland startup staffed by a former NSA HE team, has broken performance barriers required to produce a commercially viable version of HE, benchmarking millions of times faster than IBM in tests.

In experiments, HE has enabled Google to successfully analyze encrypted data about who clicked on an advertisement in combination with another encrypted multi-company data set with credit card purchase records. As a result, Google was able to provide reports to advertisers summarizing the relationship between the two databases to conclude, for example, that five percent of the people who clicked on an advertised product wound up purchasing it in a store.

While HE will not make sense for all applications today and requires improvement for many uses, it already brings considerable benefit to applications requiring the processing of highly confidential information.  As the technology continues to evolve, HE’s ability to secure data while in use is an example of disruptive innovation that companies need to watch carefully. Sophisticated hackers never stop evolving and improving. This means their prospective victims cannot stop evolving and improving, either.
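The property this section describes, computing on data that stays encrypted, can be seen in a small additively homomorphic scheme. The block below is an added example, not code from the article, IBM, Enveil or Google: a toy Paillier cryptosystem (partially, not fully, homomorphic) in which a party without the decryption key sums encrypted purchase flags for ad clickers; the primes, user IDs and function names are constructed for illustration.

```python
"""Toy Paillier cryptosystem: additively homomorphic encryption (added example)."""
import math
import secrets

# Constructed demo parameters: two Mersenne primes. They are far too small and
# too structured for real use, where the modulus n is at least 2048 bits and
# the primes are generated at random.
P = 2**61 - 1
Q = 2**89 - 1


def keygen(p=P, q=Q):
    """Return (n, (lam, mu)): public modulus n and the private key pair."""
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)  # lcm(p-1, q-1)
    if math.gcd(n, lam) != 1:
        raise ValueError("primes unsuitable for Paillier")
    mu = pow(lam, -1, n)  # valid because the generator is fixed to g = n + 1
    return n, (lam, mu)


def encrypt(n, m):
    """Encrypt integer m (0 <= m < n) under public modulus n."""
    if not 0 <= m < n:
        raise ValueError("plaintext out of range")
    n2 = n * n
    while True:  # fresh randomness per ciphertext: equal plaintexts look different
        r = secrets.randbelow(n - 1) + 1
        if math.gcd(r, n) == 1:
            break
    # With g = n + 1, g^m mod n^2 simplifies to 1 + m*n.
    return (1 + m * n) % n2 * pow(r, n, n2) % n2


def decrypt(n, priv, c):
    """Recover the plaintext from ciphertext c with the private key."""
    lam, mu = priv
    u = pow(c, lam, n * n)
    return (u - 1) // n * mu % n


def add_encrypted(n, c1, c2):
    """Ciphertext of (m1 + m2): multiply ciphertexts, no key needed."""
    return c1 * c2 % (n * n)


def scale_encrypted(n, c, k):
    """Ciphertext of (k * m): raise the ciphertext to a public constant k."""
    return pow(c, k, n * n)


def encrypted_purchase_count(n, encrypted_flags, clicked_ids):
    """Run by the party that does NOT hold the private key.

    It sees only ciphertexts of the 0/1 purchase flags and returns a
    ciphertext of how many of its ad clickers made a purchase.
    """
    total = encrypt(n, 0)
    for uid in clicked_ids:
        if uid in encrypted_flags:
            total = add_encrypted(n, total, encrypted_flags[uid])
    return total


def demo():
    """Constructed scenario loosely modelled on the ad-conversion report above.

    Simplification: user IDs are in the clear here; only the purchase flags
    are hidden. Real protocols also hide which records matched.
    """
    n, priv = keygen()
    # Retailer (key holder): constructed data, users 07 and 33 made a purchase.
    purchases = {f"user{i:02d}": int(i in (7, 33)) for i in range(40)}
    encrypted_flags = {uid: encrypt(n, flag) for uid, flag in purchases.items()}
    # Ad platform (no key): constructed list of the 20 users who clicked.
    clicked = [f"user{i:02d}" for i in range(20)]
    enc_total = encrypted_purchase_count(n, encrypted_flags, clicked)
    # Only the aggregate is ever decrypted, and only by the key holder.
    buyers = decrypt(n, priv, enc_total)
    return buyers, len(clicked)


if __name__ == "__main__":
    buyers, clickers = demo()
    print(f"{buyers} of {clickers} clickers purchased ({100 * buyers / clickers:.0f}%)")
```

Paillier supports only addition and multiplication by a public constant on ciphertexts; arbitrary computation is what the fully homomorphic schemes discussed above aim to provide.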

Article Provided By: RSAConference


Cyberattack hits Augusta

Cyberattack hits Augusta municipal operations; City Center closed

Officials say a nasty, intentionally deployed virus shut down public safety computers and made the city’s entire network unusable, but the phone system and public safety radio system were not affected.

AUGUSTA — A malicious computer virus that targeted — and squarely hit — the city early Thursday morning forced the closure of Augusta City Center.

The virus froze the city’s computer network and rapidly spread to laptops and other devices.

Augusta City Center, on July 12, 2016. Kennebec Journal photo by Joe Phelan

Officials said Thursday afternoon they had located the virus and are working on a fix, and no data was taken in the apparent cyberattack. Once they confirm the virus has been removed from the network and all devices associated with it, they plan to restore the city’s servers and get the system up and running again.

Because so many municipal functions there rely on computers — and restoring servers and fixing the damage done is expected to be a cumbersome process — Augusta City Center will remain closed until at least Monday, while the network and servers are restored.

Fred Kahl, director of the information technology department for both the city and schools, said a piece of malicious software somehow got into the city’s computer network, spread rapidly and damaged servers. He said it appears it was a targeted attack. But he also said no data, such as personal information about residents, was taken in the incident.

“Nothing got out, no names or anything like that. It just became inaccessible,” Kahl said late Thursday afternoon about data stored on city servers. “Nothing went anywhere, guaranteed.”

The virus, which officials said was inflicted upon the city’s servers intentionally, also shut down computers used by public safety dispatchers — but not the city’s phone system or the public safety radio system used by dispatchers and police, fire and ambulance staff members in the field to communicate. Dispatchers, who don’t have access to their usual computer-aided dispatching system, tracked calls and the activity and whereabouts of police officers, firefighters and ambulance crews manually.

“It’s not a threat to public safety,” Ralph St. Pierre, finance director and assistant city manager, said Thursday morning from the closed city center. “Dispatch is still answering. The phones are still working.”

What isn’t working is anything that relies on the computer network at Augusta City Center, including municipal financial systems, billing, automobile excise tax records, assessor’s records or general assistance.

All those systems became inaccessible when the city’s network was hit by a virus around 3:20 a.m. Thursday, which froze up the network.

“All our servers are locked up,” St. Pierre said. “This was a particularly bad (virus). This one exploded, it got all the data, all the servers, they froze rock solid, and you can’t pierce it. It’s pretty widespread and impactful.”

He clarified that while the city’s servers and data have been frozen and are inaccessible, it is not believed city data has been breached.

“It was not a breaching of the data. It was a locking down of the data,” St. Pierre said. “This was intentional.”

Professor Henry Felch, program coordinator of the University of Maine at Augusta’s cybersecurity program, which he said is the largest such program in the state, speculated it could have been an inside job, perhaps by a disgruntled current or former employee or someone else with knowledge of and access to the city network.

“If someone did want to do something to bring Augusta to a screeching halt for a couple of days, it could be an act of revenge, or it could be someone is making a statement,” Felch said. “Usually a virus is more widespread than just one locality, if the goal is to infect a lot of computers. This sounds like it was directed toward Augusta. It was a very targeted attack.”

He said the city should involve state police, because what occurred appears to be a crime. He said it appeared the malicious software was intended more to destroy data than to capture data.

St. Pierre said the city’s data is intact, and all its backup systems are fine, meaning the city can start restoring servers. He said restoration work will include contacting software providers so they can reinstall their software. He said it could take until as late as Tuesday to have the network up and running and reopen city center.

Kahl said officials know when the attack was initiated, around 3:20 a.m. Thursday, but he believes the city might never know with 100 percent certainty how the software got into city servers.

He said the city did not pay a ransom payment, as some Maine municipalities and even the Lincoln County Sheriff’s Office have done previously, to have the software removed.

City Manager William Bridgeo said city information technology staff members all were working on the problem, and an outside software consulting firm from Portland also had specialists working on the problem in Augusta.

St. Pierre said officials stopped the virus before it spread to School Department files or servers, which are connected to the same network, and they have been shut off from the network to protect them. He said the city’s email server is at the school department and is still up and running, so city staff members with smartphones can still respond to email.

To make sure all devices that might have been infected with the virus were cleared of it, about 15 Augusta police workers, most of them officers, underwent about a half-hour of training from Kahl and then set out to check every city facility — or anywhere else an infected laptop or other device might be — to see if they had the virus on them. The 10 or so devices that were infected were taken to Kahl’s office so the virus could be removed.

A sign tells patrons about computer system problems on Thursday at Lithgow Public Library in Augusta. Kennebec Journal photo by Joe Phelan

City Center, where nearly all functions rely to some extent on computer access, is expected to remain closed at least through Friday. Other city facilities never closed and are expected to remain open. St. Pierre said Hatch Hill was open and manually billing customers, the library was open, and the Buker Community Center — including youth programming there — was open and running but couldn’t take new registrations, and public works employees were working.

The Augusta Civic Center also was affected by the virus, since its computers are integrated into the city network, but officials said they were still able to access its ticket-selling firm and could sell tickets to events for cash, but not credit cards, on Thursday.

At Lithgow Public Library, the virus’ effect was — in some ways — to send the library back to its past, one based around books, not computers. Its computers were down and unable to access the internet, but people still could read books there. And, according to Julie Olson, assistant director and adult services librarian, they still could check out books and other materials. The public library’s usual circulation system was down, but they were able to use a backup system.

“For our patrons, the biggest impact was we don’t have internet,” Olson said. “We’ve got no computer access at all, they’re all connected to the city’s server, so we can’t access anything. But you can check out books, return books and renew books. We just can’t do the other parts.”

Bridgeo said the city buys “cyber liability” insurance through Maine Municipal Association, and as part of that, about a month ago it had an assessment done of the security of the city’s network. He said he just read a report on the findings of that assessment about a week ago and found that Augusta “got pretty high grades for how we stand.”

Felch said municipalities could be tempting targets for cyberattacks because of all the data they have, or because some of them have control over water treatment systems and other crucial resources. He said the best thing municipalities can do is emphasize training and awareness among staff on how to avoid allowing cyberattacks to be successful. But he said if the malicious software came from inside, via someone with access to the network, there might be nothing the city could do.

He said the city might want to look at its network defenses to see if such attacks could be detected faster.

Felch said the state needs to provide resources to help municipalities fend off cyberattacks.

“What happened to Augusta could probably happen to other municipalities around here, because it’s easy to do and it’s easy to get something started,” he said. “Maine has a lot of smaller municipalities, which makes it a target for someone who may want to practice, and hone the skills they might need to attack a larger city in the future. I think state government needs to do more to help these small municipalities be able to provide protection.”

Augusta police Chief Jared Mills agreed the cyberattack does not pose a threat to public safety. He said the only real effect was not being able to enter information directly into a computer. He said dispatchers were recording things manually and clerks were working to help dispatchers with that task.

Mills said there is “no threat to public safety. This is exactly how we completed reports when I started 20 years ago. Everything was handwritten and our response time then was the same as it is today.”

Felch, an Augusta resident who was turned away Thursday from City Center when he went there to get a new permit to use the Hatch Hill landfill, though at the time he didn’t know why, said students and faculty of UMA’s cybersecurity program would be willing to help Augusta and other municipalities protect themselves.

Article Provided By: centralmaine


Unsecured Databases Leak 60 Million Records

Unsecured Databases Leak 60 Million Records of Scraped LinkedIn Data

Eight unsecured databases were found leaking approximately 60 million records of LinkedIn user information. While most of the information is publicly available, the databases contain the email addresses of the LinkedIn users.

Approximately two weeks ago, I was contacted by security researcher Sanyam Jain of the GDI foundation about something strange that he was seeing. Jain told BleepingComputer that he kept seeing unsecured databases containing the same LinkedIn data appearing and disappearing from the Internet under different IP addresses.

“According to my analysis the data has been removed every day and loaded on another IP. After some time the database becomes either inaccessible or I can no longer connect to the particular IP, which makes me think it was secured. It is very strange.”

Between all eight databases, there was a combined total of approximately 60 million records that contained what appeared to be scraped public information of LinkedIn users. The total size of all of the 8 DBs is 229 GB, with each database ranging between 25 GB and 32 GB.

Example Database

As a test, Jain pulled my record from one of the databases and sent it to me for review. The data contained in this record included my LinkedIn profile information, including IDs, profile URLs, work history, education history, location, listed skills, other social profiles, and the last time the profile was updated.

Included in the profile was also my email address that I used when registering my LinkedIn account. It is not known how they gained access to this information as I have always had the LinkedIn privacy setting configured to not publicly display my email address.

Profile information for my record

After reviewing the data that was sent to me, I found all of the information to be accurate.

In addition to the above public information, each profile also contains what appears to be internal values that describe the type of LinkedIn subscription the user has and whether they utilize a particular email provider. These values are labeled “isProfessional”, “isPersonal”, “isGmail”, “isHotmail”, and “isOutlook”.

Internal Values

While we were not able to determine who the database belonged to, we were able to contact Amazon, which is hosting the databases, for assistance in getting them secured. As of Monday, the databases were secured and are no longer accessible via the Internet.

LinkedIn states it’s not their database

After seeing that the database contained a user’s email addresses and what appeared to be possible internal values, BleepingComputer contacted LinkedIn to see if the database belonged to them.

After they reviewed my sample record, Paul Rockwell, head of Trust & Safety at LinkedIn, told us that this database does not belong to them, but they are aware of third-party databases containing scraped LinkedIn data.

“We are aware of claims of a scraped LinkedIn database. Our investigation indicates that a third-party company exposed a set of data aggregated from LinkedIn public profiles as well as other, non-LinkedIn sources. We have no indication that LinkedIn has been breached.”

When we followed up with questions as to why the databases would contain my email, we were told that in some cases an email address could be public and were provided a link to a privacy page that allows you to configure who can see a profile’s email address.

LinkedIn Email Privacy Settings

My settings only allow 1st degree connections to see my email address, so unless the scraper is posing as this type of connection, it is still not known how my email address was included in the database.

Article Provided By: BleepingComputer


Exploiting Sympathies

Fraudsters Exploit Sympathies Surrounding Notre Dame Tragedy

Fraudsters are preying on the goodwill of people everywhere by using the tragic fire of Notre Dame to their advantage.

According to research by security company ZeroFOX, cyber-criminals are “spreading misinformation about the disaster,” which includes fake donation pages and launching new phishing campaigns. The company says in a blog post that “preying on the sympathy of those wanting to help victims is nothing new, but the technical underpinnings of the internet and its social media platforms allow hackers and spammers to scale their efforts at an unprecedented rate.”

The blog goes on to explain that these threat actors use a variety of tactics, such as:

  • Using bots on Twitter to spread donation links leading to spam or malware sites
  • Impersonating websites and social media accounts of legitimate charity organizations
  • Sending fraudulent charity emails with bad links or attachments
  • Registering domains related to the disaster
  • Creating fake donation campaigns on crowdfunding sites
  • Using fraud messaging that includes vague victim stories, pressure to act quickly or promises of high payouts for a company involved in cleanup

Most worryingly, the crowdfunding tactics might work more than anything else. Raising money this way to help people in need is on the rise, especially around tragic events such as this. Sites such as JustGiving might be copied to set up fake donation sites. “People looking to donate quickly may easily mistake a fraudulent donation page for the real page – losing their money and putting money in the hands of bad actors, not those in need,” says the blog post.

One example the ZeroFox Alpha Team found was on justgiving.com, where an anonymous user created this crowdfunding campaign supporting “Friends of Notre-Dame De Paris Inc.” “Based on the information provided (and lack of details) in the post, any supporter should be hesitant to donate to this particular fundraising effort,” the post goes on to say.

Another tactic targets social media users who follow trending hashtags.

“In the case of the Notre Dame disaster, we have seen multiple instances of posters using the hashtag #NotreDameCathedralFire looking to capitalize on the tragedy,” explains the post.

“[This example of one such post] is looking to sell ‘services’ using the Notre Dame fire hashtag.” Users need to be careful, it goes on, of any seller using hijacked hashtags, as they are “typically associated with scams and malicious links.”

Example of potential crowdfunding scam – note the warning signs.

When it comes to avoiding scams related to this disaster, ZeroFOX recommends the following:

  • Review suggestions from crowdfunding sites on how to identify legitimate campaigns.
  • Be cautious of unfamiliar individuals or organizations soliciting donations or investments through social media, email or phone.
  • Conduct thorough research on charity organizations and use a website that rates organizations, such as Charity Navigator or CharityWatch.
  • Be cautious of requests for donations or investments in cash, by gift card, or by wiring money, which are frequent methods of payment for scams.
  • Report potential scams to crowdfunding sites, and reach out for a potential refund in the case of a suspected scam.

Article Provided By: Info Security Group


If you would like to discuss how Liquid Video Technologies can help you secure your data or would like to discuss your next Home Security System, Networking, Access Control, Fire, IT consultant or PCI Compliance needs, please do not hesitate to call us at 864-859-9848 or you can email us at deveren@liquidvideotechnologies.com.


Steps To Recovery Addiction Treatment Center Leaking PII

Incident Timeline:

March 24, 2019 Open ElasticSearch database discovered.
March 24, 2019 stepstorecovery.com emailed via their published email address.
March 24, 2019 Hosting provider for ElasticSearch database notified.
March 25, 2019 Hosting provider confirms server owner has taken down the exposed server.
March 28, 2019 A follow-up email sent to stepstorecovery.com, asking if they intended to notify their impacted users, no reply.
April 15, 2019 A follow-up email sent, no reply.


Recently I discovered an improperly secured ElasticSearch database that contained personally identifiable information (PII) related to individuals who had received medical treatment at an addiction treatment center. This data appears to cover patient data from mid 2016 – late 2018, and amounts to roughly 4.9 million rows of data. Following notification, the hosting provider of the database took prompt action to notify the owner of the database, but Steps to Recovery has yet to reply to any inquiries. To the best of my knowledge, the treatment center has not notified their patients regarding this leak of their PII.


While searching Shodan I recently discovered yet another ElasticSearch database that was exposed to the Internet without any form of authentication. Based on a quick review of the data it quickly became apparent that the database contained medical information and PII related to patients of some type of rehab center. Based on the name of the database and additional information in the database it appears this was patient data from Steps to Recovery, an addiction treatment center located in Levittown, PA. I initially notified Steps To Recovery regarding the data leak, but also notified the hosting provider given the sensitivity of the data. To date I have not received any reply from Steps To Recovery, but the hosting provider notified their customer who then promptly took action to disable access to the database. It is unclear if Steps To Recovery took this action, or if someone may have been running this database on their behalf.

The Data:

The ElasticSearch database contained two indexes, roughly 1.45GB in size, containing 4.91 million documents. These are not large numbers, but given the sensitivity of any PII leak I treated this as an urgent issue.

infcharges   906Mi	2.74M
infpayments  549Mi	2.17M

Data related to multiple distinct patients was observed, though (luckily) it did appear that the number of unique patients was likely far fewer than the number of documents in the database would suggest. As demonstrated by the screenshot below, a single PatientID could have multiple rows of data for different medical procedures. Based on a random sample of 5,000 rows of data from the “infcharges” index, I observed 267 unique patients – or roughly 5.34% were unique. Assuming this trend continues, that would suggest the database contained roughly 146,316 unique patients. To reiterate – it’s entirely possible this sample of 5,000 rows of data was not representative of the entire index of data though.


A leak of PII related to 146,316 unique patients would be bad on any day. It’s particularly bad when it is something as sensitive as an addiction rehab center. Given the stigma that surrounds addiction this is almost certainly not information the patients want easily accessible.

What could a malicious user do with this data? Based on the patient name it was simple to locate all medical procedures a specific person received, when they received those procedures, how much they were billed, and at which specific facility they received treatment.

That’s just the tip of the iceberg though.

If you search on Google for the patient name and in the example included above “Ohio” where the addiction recovery center was located it becomes trivial to locate more information about this patient.

Sidenote: It’s unclear the connection between Steps to Recovery in Levittown, PA and this Ohio Addiction Recovery Center. My best guess is that the patient lived either near Levittown and had visited Ohio, or vice versa. Based on the additional information I was able to easily locate – I can say with confidence the patient almost certainly lives in Ohio.

I’ve heavily redacted the Google search below – but you can still get a sense for the extent of the information that was immediately located.

This is a creepy Google search.

I did not pay for any of these background reports. I had no interest in going that far.

After briefly reviewing just the freely available information though I could still tell you, with reasonably high confidence, the patient’s age, birthdate, address, past addresses, the names of the patient’s family members, their political affiliation, potential phone numbers and email addresses.

In conclusion:

Please, please, please secure your data.

I hope that Steps to Recovery will acknowledge this leak of sensitive patient data. I hope they will promptly (it’s not prompt any more – it’s been a month) notify all of the patients they determine were impacted. I found this data leak purely by accident, but a malicious person could have also found this same data, and potentially used it as part of identity theft.
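The exposure described in this article (an ElasticSearch HTTP API reachable from the Internet with no authentication) can be caught from the node's own configuration before it ships. The following is an added example, not code from the original article: a small audit of `elasticsearch.yml` that assumes flat dotted keys and treats a missing `xpack.security.enabled` as disabled (a conservative assumption); both sample configs are constructed.

```python
import ipaddress

# Constructed sample configs (not taken from the incident described above).
EXPOSED_YML = """\
# reachable on every interface, no authentication
cluster.name: billing
network.host: 0.0.0.0
http.port: 9200
xpack.security.enabled: false
"""

HARDENED_YML = """\
cluster.name: billing
network.host: 127.0.0.1
http.port: 9200
xpack.security.enabled: true
xpack.security.http.ssl.enabled: true
"""


def parse_flat_settings(text):
    """Parse flat 'dotted.key: value' lines; nested YAML is out of scope (assumption)."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or ":" not in line:
            continue
        key, value = line.split(":", 1)
        settings[key.strip()] = value.strip().strip("\"'")
    return settings


def http_hosts(settings):
    """http.host overrides network.host; with neither set the node binds to _local_."""
    raw = settings.get("http.host", settings.get("network.host", "_local_"))
    return [h.strip().strip("\"'") for h in raw.strip("[]").split(",") if h.strip()]


def is_loopback(host):
    if host in ("_local_", "localhost"):
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        # _site_, _global_, interface names and hostnames: assume reachable
        return False


def is_true(settings, key, default=False):
    return settings.get(key, str(default)).lower() == "true"


def audit(text, security_default=False):
    """Return a list of (severity, message) findings for one config file."""
    s = parse_flat_settings(text)
    exposed = [h for h in http_hosts(s) if not is_loopback(h)]
    if not exposed:
        return []
    if not is_true(s, "xpack.security.enabled", security_default):
        return [("critical",
                 f"HTTP API on {exposed} accepts unauthenticated requests")]
    if not is_true(s, "xpack.security.http.ssl.enabled"):
        return [("warning",
                 f"HTTP API on {exposed} sends credentials without TLS")]
    return []


if __name__ == "__main__":
    for name, cfg in (("exposed", EXPOSED_YML), ("hardened", HARDENED_YML)):
        print(name, audit(cfg) or "no findings")
```

A clean result here only covers the node's own settings; firewall and cloud security-group rules still decide whether port 9200 is reachable from outside.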


Article Provided By: Rainbowtabl.es


As Threats Evolve So Should You


Microsoft Office now the most targeted platform, as browser security improves

Microsoft Office has become cybercriminals’ preferred platform when carrying out attacks, and the number of incidents keeps increasing, Kaspersky Lab researchers said during the company’s annual conference, Security Analyst Summit, in Singapore. Boris Larin, Vlad Stolyarov and Alexander Liskin showed that the threat landscape has changed in the past two years and urged users to keep their software up-to-date and to avoid opening files that come from untrusted sources to reduce the risk of infection.

Today, more than 70% of all the attacks Kaspersky Lab catches are targeting Microsoft Office, and only 14% take advantage of browser vulnerabilities. Two years ago, it was the opposite: Web-based vulnerabilities accounted for 45% of the attacks, while Microsoft Office had a 16% share.

Kaspersky researchers presented data showing increase in Microsoft Office exploits since 2016

Researchers said that this is because hacking browsers has become more expensive, as browser security has improved. “Browser developers put much effort into different kinds of security protections and mitigations,” Liskin said. “Attackers were looking for a new target, and MS Office has become a star.”

Liskin added that there are plenty of reasons why cybercriminals choose to attack the popular suite. “Microsoft Office has a huge number of different file formats,” he said. “It is deeply integrated into the Windows operating system.”

He also argued that when Microsoft created Office, it made several decisions that, in hindsight, aren’t optimal security-wise and are currently difficult to change. Making such alterations would have a significant impact on all the versions of the products, Liskin said.

The researchers pointed out that the most exploited vulnerabilities from the past two years are not in MS Office itself, but rather in related components. Two of those vulnerabilities, CVE-2017-11882 and CVE-2018-0802, exploit bugs found in Equation Editor. Cybercriminals prefer to use them because they can be found in every version of Microsoft Word released in the past 17 years. Moreover, building exploits for them does not require advanced skills, because the Equation Editor binary lacks modern protections and mitigations. These are simple, logical vulnerabilities, the researchers said.

Exploit uses Internet Explorer to hack Office

Another interesting vulnerability is CVE-2018-8174. In this unusual case, the vulnerability was actually in Internet Explorer, but the exploit was found in an Office file. “The exploit was delivered as an obfuscated RTF document,” researcher Larin said. “This is the first exploit to use a vulnerability in Internet Explorer to hack Microsoft Office.”

The infection chain has three steps. First, the victim opens the malicious document. As they do this, a second stage of the exploit is downloaded: an HTML page that contains VBScript code. This then triggers the third step, a use-after-free (UAF) vulnerability, and executes shellcode. UAF bugs are a type of memory corruption vulnerability that have been very successful in the past for browser exploitation. The technique works by referencing memory after it has been freed, causing the software to crash or allowing an attacker to execute code.

Cybercriminals act fast on Microsoft exploits

What intrigues Larin, Stolyarov and Liskin the most about the cases they’ve studied is how fast cybercriminals operate. Most incidents start with a Microsoft Office zero-day that’s used in a targeted campaign. Once it becomes public, it’s only a matter of days until exploits appear on the dark web. Sometimes, it can even be faster, as has happened with CVE-2017-11882, the first Office Equation Editor vulnerability Kaspersky Lab researchers uncovered. The publication of the proof of concept was followed by a massive spam campaign that began on the very same day.

Microsoft Office vulnerabilities might become even more common in the near future, as attackers continue to target the suite. Larin advised users to keep their software updated, and to pay attention to the files they receive from dubious email addresses. “Our best recommendation is not to open links and files received from untrusted sources, and have installed security solutions with advanced detection of exploits,” Larin added.


As Threats Evolve So Should You By Andrada Fiscutean





High Tech Without Answers


Boeing will cut production of its 737 Max plane amid growing international crisis


Boeing plans to cut the rate of its 737 production to 42 airplanes per month from 52 as it works to manage the grounding of its MAX aircraft in the wake of two deadly crashes, Chief Executive Officer Dennis Muilenburg said in a statement on Friday.

Muilenburg said the company now knows that a chain of events caused Lion Air and Ethiopian Airlines accidents, with erroneous activation of so-called MCAS anti-stall software “a common link” between the two.

The company continues to make progress on a 737 MAX software update to prevent “accidents like these from ever happening again,” he said.

As we work closely with customers and global regulators to return the 737 MAX to service, we continue to be driven by our enduring values, with a focus on safety, integrity and quality in all we do.

We now know that the recent Lion Air Flight 610 and Ethiopian Airlines Flight 302 accidents were caused by a chain of events, with a common chain link being erroneous activation of the aircraft’s MCAS function. We have the responsibility to eliminate this risk, and we know how to do it. As part of this effort, we’re making progress on the 737 MAX software update that will prevent accidents like these from ever happening again. Teams are working tirelessly, advancing and testing the software, conducting non-advocate reviews, and engaging regulators and customers worldwide as we proceed to final certification. I recently had the opportunity to experience the software update performing safely in action during a 737 MAX 7 demo flight. We’re also finalizing new pilot training courses and supplementary educational material for our global MAX customers. This progress is the result of our comprehensive, disciplined approach and taking the time necessary to get it right.

As we continue to work through these steps, we’re adjusting the 737 production system temporarily to accommodate the pause in MAX deliveries, allowing us to prioritize additional resources to focus on software certification and returning the MAX to flight. We have decided to temporarily move from a production rate of 52 airplanes per month to 42 airplanes per month starting in mid-April.

At a production rate of 42 airplanes per month, the 737 program and related production teams will maintain their current employment levels while we continue to invest in the broader health and quality of our production system and supply chain.

We are coordinating closely with our customers as we work through plans to mitigate the impact of this adjustment. We will also work directly with our suppliers on their production plans to minimize operational disruption and financial impact of the production rate change.

In light of our commitment to continuous improvement and our determination to always make a safe industry even safer, I’ve asked the Boeing Board of Directors to establish a committee to review our company-wide policies and processes for the design and development of the airplanes we build. The committee will confirm the effectiveness of our policies and processes for assuring the highest level of safety on the 737-MAX program, as well as our other airplane programs, and recommend improvements to our policies and procedures.

The committee members will be Adm. Edmund P. Giambastiani, Jr., (Ret.), former vice chairman, U.S. Joint Chiefs of Staff, who will serve as the committee’s chair; Robert A. Bradway, chairman and CEO of Amgen, Inc.; Lynn J. Good, chairman, president and CEO of the Duke Energy Corporation; and Edward M. Liddy, former chairman and CEO of the Allstate Corporation, all members of the company’s board. These individuals have been selected to serve on this committee because of their collective and extensive experiences that include leadership roles in corporate, regulated industries and government entities where safety and the safety of lives is paramount.

Safety is our responsibility, and we own it. When the MAX returns to the skies, we’ve promised our airline customers and their passengers and crews that it will be as safe as any airplane ever to fly. Our continued disciplined approach is the right decision for our employees, customers, supplier partners and other stakeholders as we work with global regulators and customers to return the 737 MAX fleet to service and deliver on our commitments to all of our stakeholders.

(Reporting by Tracy Rucinski; editing by Grant McCool)


BY: Tracy Rucinski



Every Success Starts Somewhere


How Jeff Bezos decided the first thing Amazon would sell was books


  • Amazon was designed to be an “everything store,” according to Brad Stone’s book “The Everything Store.”
  • But when CEO Jeff Bezos was first thinking about launching the company, he decided to start by selling books.
  • They were the most practical product choice, and he could offer a much wider selection than any brick-and-mortar retailers could.

Amazon grew out of CEO Jeff Bezos’ desire to build an “everything store.” It was an idea he’d discussed at length with his former boss David Shaw.

Brad Stone wrote in his 2013 book, also called “The Everything Store,” that Bezos and Shaw’s goal was to build “an Internet company that served as the intermediary between customers and manufacturers and sold nearly every type of product, all over the world.”

To be sure, that description is fitting for the Amazon we know today. But when Bezos was first thinking about launching the company, he knew that a store that sold absolutely everything would be an unrealistic goal. So he tried to zero in on a single product category.

Stone wrote that Bezos thought up 20 product categories, from music to office supplies. Books seemed like the best option, for a few reasons. Customers would always know what they were in for, since one copy of a book is the same as another.

What’s more, Stone wrote, at the time there were two primary book distributors — Ingram and Baker and Taylor — meaning Amazon wouldn’t have to get in touch with thousands of book publishers.

Finally, there were 3 million books in print, which was a lot more than a bookstore, such as Barnes and Noble, could stock.

So an “everything store” of books it was. Stone quoted a speech Bezos gave at Lake Forest College in 1998: “With that huge diversity of products you could build a store online that simply could not exist in any other way.”

When Amazon opened to the public in 1995, according to the Los Angeles Times, it billed itself as “Earth’s Biggest Bookstore.” By 1997, the Los Angeles Times reported, the company carried more than 2.5 million titles.

Amazon began broadening its horizons beyond books in 1998, when it bought the companies Junglee Corp. and Planet All. “We’re at an inflection point where we are now looking at a broader range of products,” Bezos told The New York Times, which labeled Amazon “the most successful merchant on the Internet.”

