fbpx
Fraudsters Exploit Graphic, Cyber-Security, Networking, Access control, Liquid Video Technologies, Greenville South Carolina

Exploiting Sympathies

Fraudsters Exploit Sympathies Surrounding Notre Dame Tragedy

Fraudsters are preying on the goodwill of people everywhere by using the tragic fire of Notre Dame to their advantage.

According to research by security company ZeroFOX, cyber-criminals are “spreading misinformation about the disaster,” which includes fake donation pages and launching new phishing campaigns. The company says in a blog post that “preying on the sympathy of those wanting to help victims is nothing new, but the technical underpinnings of the internet and its social media platforms allow hackers and spammers to scale their efforts at an unprecedented rate.”

The blog goes onto explain that these threat actors use a variety of tactics, such as:

  • Using bots on Twitter to spread donation links leading to spam or malware sites
  • Impersonating websites and social media accounts of legitimate charity organizations
  • Sending fraudulent charity emails with bad links or attachments
  • Registering domains related to the disaster
  • Creating fake donation campaigns on crowdfunding sites
  • Using fraud messaging that includes vague victim stories, pressure to act quickly or promises of high payouts for a company involved in cleanup

Most worryingly, the crowdfunding tactics might work more than anything else. There is a rise of raising money this way for help people in need, especially around tragic events such as this. Sites such as JustGiving might be copied to set up fake donation sites. “People looking to donate quickly may easily mistake a fraudulent donation page for the real page – losing their money and putting money in the hands of bad actors, not those in need,” says the blog post.

One example the ZeroFox Alpha Team found was on justgiving.com, where an anonymous user created this crowdfunding campaign supporting “Friends of Notre-Dame De Paris Inc.” “Based on the information provided (and lack of details) in the post, any supporter should be hesitant to donate to this particular fundraising effort,” the post goes on to say.

Another tactic targets social media users who follow trending hashtags.

“In the case of the Notre Dame disaster, we have seen multiple instances of posters using the hashtag #NotreDameCathedralFire looking to capitalize on the tragedy,” explains the post.

“[This example of one such post] is looking to sell ‘services’ using the Notre Dame fire hashtag.” Users need to be be careful, it goes on, of any seller using hijacked hashtags, as they are “typically associated with scams and malicious links.

Example of potential crowdfunding scam – note the warning signs.

When it comes to avoiding scams related to this disaster, ZeroFOX recommends the following:

  • Review suggestions from crowdfunding sites on how to identify legitimate campaigns.
  • Be cautious of unfamiliar individuals or organizations soliciting donations or investments through social media, email or phone.
  • Conduct thorough research on charity organizations and use a website that rates organizations, such as Charity Navigator or CharityWatch.
  • Be cautious of requests for donations or investments in cash, by gift card, or by wiring money, which are frequent methods of payment for scams.
  • Report potential scams to crowdfunding sites, and reach out for a potential refund in the case of a suspected scam.

Article Provided By: Info Security Group

Liquid Video Technologies Logo, Security, Video Surveillance, Greenville South Carolina

If you would like to discuss how Liquid Video Technologies can help you secure your data or would like to discuss your next Home Security System, Networking, Access ControlFire, IT consultant or PCI Compliance, needs.  Please do not hesitate to call us at 864-859-9848 or you can email us at deveren@liquidvideotechnologies.com.

Data Breach- Recovery Addiction Treatment Center. (PII), liquid Video Technologies, Greenville South Carolina

Steps To Recovery Addiction Treatment Center Leaking PII

Incident Timeline:

DATE EVENT
March 24, 2019 Open ElasticSearch database discovered.
March 24, 2019 stepstorecovery.com emailed via their published email address.
March 24, 2019 Hosting provider for ElasticSearch database notified.
March 25, 2019 Hosting provider confirms server owner has taken down the exposed server.
March 28, 2019 A follow email sent to stepstorecovery.com, asking if they intended to notify their impacted users, no reply.
April 15, 2019 A follow email sent, no reply.

Summary:

Recently I discovered an improperly secured ElasticSearch database that contained personally identifiable information (PII) related to individuals who had received medical treatment at an addiction treatment center. This data appears to cover patient data from mid 2016 – late 2018, and amounts to roughly 4.9 million rows of data. Following notification, the hosting provider of the database took prompt action to notify the owner of the database, but Steps to Recovery has yet to reply to any inquiries. To the best of my knowledge, the treatment center has not notified their patients regarding this leak of their PII.

Investigation:

While searching Shodan I recently discovered yet another ElasticSearch database that was exposed to the Internet without any form of authentication. Based on a quick review of the data it quickly became apparent that the database contained medical information and PII related to patients of some type of rehab center. Based on the name of the database and additional information in the database it appears this was patient data from Steps to Recovery, an addiction treatment center located in Levittown, PA. I initially notified Steps To Recovery regarding the data leak, but also notified the hosting provider given the sensitivity of the data. To date I have not received any reply from Steps To Recovery, but the hosting provider notified their customer who then promptly took action to disable access to the database. It is unclear if Steps To Recovery took this action, or if someone may have been running this database on their behalf.

The Data:

The ElasticSearch database contained two indexes, roughly 1.45GB in size, containing 4.91 million documents. These are not large numbers, but given the sensitivity of any PII leak I treated  this as an urgent issue.

infcharges   906Mi	2.74M
infpayments  549Mi	2.17M

Data related to multiple distinct patients was observed, though (luckily) it did appear that the number of unique patients was likely far fewer than the number of documents in the database would suggest. As demonstrated by the screenshot below, a single PatientID could have multiple rows of data for different medical procedures. Based on a random sample of 5,000 rows of data from the “infcharges” index, I observed 267 unique patients – or roughly 5.34% were unique. Assuming this trend continues, that would suggest the database contained roughly 146,316 unique patients. To reiterate – it’s entirely possible this sample of 5,000 rows of data was not representative of the entire index of data though.

Impact:

A leak of PII related to 146,316 unique patients would be bad on any day. It’s particularly bad when it is something as sensitive as a addiction rehab center. Given the stigma that surrounds addiction this is almost certainly not information the patients want easily accessible.

What could a malicious user do with this data? Based on the patient name it was simple to locate all medical procedures a specific person received, when they received those procedures, how much they were billed, and at which specific facility they received treatment.

That’s just the tip of the iceberg though.

If you search on Google for the patient name and in the example included above “Ohio” where the addiction recovery center was located it becomes trivial to locate more information about this patient.

Sidenote: It’s unclear the connection between Steps to Recovery in Levittown, PA and this Ohio Addiction Recovery Center. My best guess is that the patient lived either near Levittown and had visited Ohio, or vice versa. Based on the additional information I was able to easily locate – I can say with confidence the patient almost certainly lives in Ohio.

I’ve heavily redacted the Google search below – but you can still get a sense for the extent of the information that was immediately located.

This is a creepy Google search.

I did not pay for any of these background reports. I had no interest in going that far.

After briefly reviewing just the freely available information though I could still tell you, with reasonably high confidence, the patient’s age, birthdate, address, past addresses, the names of the patient’s family members, their political affiliation, potential phone numbers and email addresses.

In conclusion:

Please, please, please secure your data.

I hope that Steps to Recovery will acknowledge this leak of sensitive patient data. I hope they will promptly (it’s not prompt any more – it’s been a month) notify all of the patients they determine were impacted. I found this data leak purely by accident, but a malicious person could have also found this same data, and potentially used it as part of identity theft.

 

Article Provided By: Rainbowtabl.es

Liquid Video Technologies Logo, Security, Video Surveillance, Greenville South Carolina

If you would like to discuss how Liquid Video Technologies can help you secure your data or would like to discuss your next Home Security System, Networking, Access ControlFire, IT consultant or PCI Compliance, needs.  Please do not hesitate to call us at 864-859-9848 or you can email us at deveren@liquidvideotechnologies.com.

Mid-April Security Alerts

A hotspot finder app exposed 2 million Wi-Fi network passwords

A popular hotspot finder app for Android exposed the Wi-Fi network passwords for more than two million networks.

The app, downloaded by thousands of users, allowed anyone to search for Wi-Fi networks in their nearby area. The app allows the user to upload Wi-Fi network passwords from their devices to its database for others to use.

That database of more than two million network passwords, however, was left exposed and unprotected, allowing anyone to access and download the contents in bulk.

Sanyam Jain, a security researcher and a member of the GDI Foundation, found the database and reported the findings to TechCrunch.

We spent more than two weeks trying to contact the developer, believed to be based in China, to no avail. Eventually we contacted the host, DigitalOcean,  which took down the database within a day of reaching out.

“We notified the user and have taken the [server] hosting the exposed database offline,” a spokesperson told TechCrunch.

Each record contained the Wi-Fi network name, its precise geolocation, its basic service set identifier (BSSID) and network password stored in plaintext.

Although the app developer claims the app only provides passwords for public hotspots, a review of the data showed countless home Wi-Fi networks. The exposed data didn’t include contact information for any of the Wi-Fi network owners, but the geolocation of each Wi-Fi network correlated on a map often included networks in wholly residential areas or where no discernible businesses exist.

The app doesn’t require users to obtain the permission from the network owner, exposing Wi-Fi networks to unauthorized access. With access to a network, an attacker may be able to modify router settings to point unsuspecting users to malicious websites by changing the DNS server, a vital system used to convert web addresses into the IP addresses used to locate web servers on the internet. When on a network, an attacker also can read the unencrypted traffic that goes across the wireless network, allowing them to steal passwords and secrets.

Tens of thousands of the exposed Wi-Fi passwords are for networks based in the U.S.

Article Provided By: Techcrunch

Liquid Video Technologies Logo, Security, Video Surveillance, Greenville South Carolina

If you would like to discuss how Liquid Video Technologies can help you secure your data or would like to discuss your next Home Security System, Networking, Access ControlFire, IT consultant or PCI Compliance, needs.  Please do not hesitate to call us at 864-859-9848 or you can email us at deveren@liquidvideotechnologies.com.

 

As Threats Evolve So Should You

As Threats Evolve So Should You

Microsoft Office now the most targeted platform, as browser security improves

Microsoft Office has become cybercriminals’ preferred platform when carrying out attacks, and the number of incidents keeps increasing, Kaspersky Lab researchers said during the company’s annual conference, Security Analyst Summit, in Singapore. Boris Larin, Vlad Stolyarov and Alexander Liskin showed that the threat landscape has changed in the past two years and urged users to keep their software up-to-date and to avoid opening files that come from untrusted sources to reduce the risk of infection.

Today, more than 70% of all the attacks Kaspersky Lab catches are targeting Microsoft Office, and only 14% take advantage of browser vulnerabilities. Two years ago, it was the opposite: Web-based vulnerabilities accounted for 45% of the attacks, while Microsoft Office had a 16% share.

Kaspersky researchers presented data showing increase in Microsoft Office exploits since 2016As Threats Evolve So Should You

Researchers said that this is because hacking browsers has become more expensive, as browser security has improved. “Browser developers put much effort into different kinds of security protections and mitigations,” Liskin said. “Attackers were looking for a new target, and MS Office has become a star.”

Liskin added that there are plenty of reasons why cybercriminals choose to attack the popular suite. “Microsoft Office has a huge number of different file formats,” he said. “It is deeply integrated into the Windows operating system.”

He also argued that when Microsoft created Office, it made several decisions that, in hindsight, aren’t optimal security-wise and are currently difficult to change. Making such alterations would have a significant impact on all the versions of the products, Liskin said.

The researchers pointed out that the most exploited vulnerabilities from the past two years are not in MS Office itself, but rather in related components. Two of those vulnerabilities, CVE-2017-11882 and CVE-2018-0802, exploit bugs found in Equation Editor. Cybercriminals prefer to use them because they can be found in every version of Microsoft Word released in the past 17 years. Moreover, building exploits for them does not require advanced skilled, because the Equation Editor binary lacks modern protections and mitigations. These are simple, logical vulnerabilities, the researchers said.

Exploit uses Internet Explorer to hack Office

Another interesting vulnerability is CVE-2018-8174. In this unusual case, the vulnerability was actually in Internet Explorer, but the exploit was found in an Office file. “The exploit was delivered as an obfuscated RTF document,” researcher Larin said. “This is the first exploit to use a vulnerability in Internet Explorer to hack Microsoft Office.”

The infection chain has three steps. First, the victim opens the malicious document. As they do this, a second stage of the exploit is downloaded: an HTML page that contains a VBScript code. This then triggers the third step, ause after free (UAF) vulnerability, and executes shellcode. UAF bugs are a type of memory corruption vulnerability that have been very successful in the past for browser exploitation. The technique works by referencing memory after it has been freed, causing the software to crash or allowing an attacker to execute code.

Cybercriminals act fast on Microsoft exploits

What intrigues Larin, Stolyarov and Liskin the most about the cases they’ve studied is how fast cybercriminals operate. Most incidents start with a Microsoft Office zero-day that’s used in a targeted campaign. Once it becomes public, it’s only a matter of days until exploits appear on the dark web. Sometimes, it can even be faster, as has happened with CVE-2017-11882, the first Office Equation Editor vulnerability Kaspersky Lab researchers uncovered. The publication of the proof of concept was followed by a massive spam campaign that began on the very same day.

Microsoft Office vulnerabilities might become even more common in the near future, as attackers continue to target the suite. Larin advised users to keep their software updated, and to pay attention to the files they receive from dubious email addresses. “Our best recommendation is not to open links and files received from untrusted sources, and have installed security solutions with advanced detection of exploits,” Larin added.

 

As Threats Evolve So Should You By Andrada Fiscutean

 

Liquid Video Technologies Logo, Security, Video Surveillance, Greenville South Carolina

 

If you would like liquidvideotechnologies.com to discuss developing your Home SecuritySystem, Networking, Access ControlFire, IT consultant or PCI Compliance, please do not hesitate to call us at 864-859-9848 or you can email us at deveren@liquidvideotechnologies.com.

 

 

Things Aren't As They Seem

Things Aren’t As They Seem

Mueller report details how Russians reached millions of US Facebook and Twitter users and brought them out to real-life rallies

Special counsel Robert Mueller’s report released Thursday says Russia’s Internet Research Agency, or IRA, reached millions of U.S. users on Twitter, Facebook and Instagram leading up to the 2016 presidential election. Russian operatives also communicated with the Trump campaign under false identities “without revealing their Russian association” and interacted with prominent pro-Trump activists to arrange political rallies, “confederate” events and even a #KidsforTrump organization, the report says.

“IRA-controlled Twitter accounts separately had tens of thousands of followers, including multiple U.S. political figures, who retweeted IRA-created content,” the report says. Facebook has estimated that IRA-controlled accounts reached up to 126 million people, with Twitter notifying 1.4 million people they may have been in contact with a Russia-controlled account.

The Mueller document gives a fuller picture of how both technical and in-person intelligence operatives worked together to influence sentiment leading up to the 2016 election.

An odyssey that ramped up in 2014

Russian operatives had been dabbling in social media until around 2014, when they consolidated their efforts under a single program known internally as the “translator department,” according to the report. They later began sending operatives to the U.S. to further the election goals of the program.

In June 2014, four members of the department lied to the U.S. State Department, claiming to be “friends who met at a party.” Two of them, Anna Bogacheva and Aleksandra Krylova, received visas to enter the U.S. In 2016, other operatives were seen holding up signs at an event near the White House purportedly celebrating the birthday of Yevgeniy Prigozhin, a Russian tycoon alleged to have funded some of the interference campaigns and their associated social media ad buys.

On Twitter, the IRA program broke its operation into two strategies: creating real Twitter accounts meant to represent “individual U.S. personas,” and a separate, IRA-controlled network of automated Twitter bots “that enabled the IRA to amplify existing content on Twitter.”

One of the IRA accounts, which claimed to be that of a Trump supporter from Texas, had 70,000 followers. Another anti-immigration persona had 24,000 followers. A third, called @march_for_trump, organized a series of rallies in support of Trump across the U.S. The accounts posted 175,993 tweets, though the report says only 8.4% of those were election-related.

“U.S. media outlets also quoted tweets from IRA-controlled accounts and attributed them to the reactions of real U.S. persons,” the report says.

Influential conservatives also interacted with the accounts, including TV commentator Sean Hannity, Roger Stone, former U.S. Ambassador to Russia Michael McFaul and Michael Flynn Jr.

From Twitter to real life

“The Office identified dozens of U.S. rallies organized by the IRA,” the report says. “The earliest evidence … was a ‘confederate rally’ in November 2015. The IRA continued to organize rallies even after the 2016 U.S. presidential election.”

Many of the rallies drew few participants, while others drew hundreds. “The reach and success of these rallies was closely monitored” by the Russian team, the report says.

The report clarifies that in the cases in which a pro-Trump, IRA-organized rally also coordinated with Trump’s campaign, the campaign was not aware of the origins of the organizers. “The IRA’s contacts included requests for signs and other materials to use at rallies, as well as requests to promote the rallies and help coordinate logistics.”

“The investigation has not identified evidence that any Trump campaign official understood the requests were coming from foreign nationals,” the report says.

Another two-part campaign, against Hillary Clinton

As with the IRA’s Twitter strategy, Russia’s GRU intelligence agency broke its campaign of interference against Hillary Clinton’s presidential campaign into two parts. One group developed specialized malware — malicious software used, in this case, to monitor communications. A second group was charged with honing and launching mass spearphishing operations, meant to identify key targets within Clinton’s campaign and craft believable emails persuading them to click and, therefore, install the custom malware.

The GRU officers sent hundreds of these emails to Clinton staffers, including official campaign accounts and Google accounts used by staffers.

 

Things Aren't As They Seem By: Kate Fazzini

 

 

Liquid Video Technologies Logo, Security, Video Surveillance, Greenville South Carolina

 

If you would like liquidvideotechnologies.com to discuss developing your Home SecuritySystem, Networking, Access ControlFire, IT consultant or PCI Compliance, please do not hesitate to call us at 864-859-9848 or you can email us at deveren@liquidvideotechnologies.com.

Is Your Smart Home Vulnerable

Is Your Smart Home Vulnerable

Spy on your smart home with this open source research tool

 

Researchers at Princeton University  have built a web app that lets you (and them) spy on your smart home devices to see what they’re up to.

The open source tool, called IoT Inspector, is available for download here. (Currently it’s Mac OS only, with a wait list for Windows or Linux.)

In a blog about the effort the researchers write that their aim is to offer a simple tool for consumers to analyze the network traffic of their Internet connected gizmos. The basic idea is to help people see whether devices such as smart speakers or wi-fi enabled robot vacuum cleaners are sharing their data with third parties. (Or indeed how much snitching their gadgets are doing.)

Testing the IoT Inspector tool in their lab the researchers say they found a Chromecast device constantly contacting Google’s servers even when not in active use.

Is Your Smart Home Vulnerable

A Geeni smart bulb was also found to be constantly communicating with the cloud — sending/receiving traffic via a URL (tuyaus.com) that’s operated by a China-based company with a platform which controls IoT devices.

There are other ways to track devices like this — such as setting up a wireless hotspot to sniff IoT traffic using a packet analyzer like WireShark. But the level of technical expertise required makes them difficult for plenty of consumers.

Whereas the researchers say their web app doesn’t require any special hardware or complicated set-up so it sounds easier than trying to go packet sniffing your devices yourself. (Gizmodo, which got an early look at the tool, describes it as “incredibly easy to install and use”.)

One wrinkle: The web app doesn’t work with Safari; requiring either Firefox or Google Chrome (or a Chromium-based browser) to work.

The main caveat is that the team at Princeton do want to use the gathered data to feed IoT research — so users of the tool will be contributing to efforts to study smart home devices.

The title of their research project is Identifying Privacy, Security, and Performance Risks of Consumer IoT Devices. The listed principle investigators are professor Nick Feamster and PhD student Danny Yuxing Huang at the university’s Computer Science department.

The Princeton team says it intends to study privacy and security risks and network performance risks of IoT devices. But they also note they may share the full dataset with other non-Princeton researchers after a standard research ethics approval process. So users of IoT Inspector will be participating in at least one research project. (Though the tool also lets you delete any collected data — per device or per account.)

“With IoT Inspector, we are the first in the research community to produce an open-source, anonymized dataset of actual IoT network traffic, where the identity of each device is labelled,” the researchers write. “We hope to invite any academic researchers to collaborate with us — e.g., to analyze the data or to improve the data collection — and advance our knowledge on IoT security, privacy, and other related fields (e.g., network performance).”

They have produced an extensive FAQ which anyone thinking about running the tool should definitely read before getting involved with a piece of software that’s explicitly designed to spy on your network traffic. (tl;dr, they’re using ARP-spoofing to intercept traffic data — a technique they warn may slow your network, in addition to the risk of their software being buggy.)

The dataset that’s being harvesting by the traffic analyzer tool is anonymized and the researchers specify they’re not gathering any public-facing IP addresses or locations. But there are still some privacy risks — such as if you have smart home devices you’ve named using your real name. So, again, do read the FAQ carefully if you want to participate.

For each IoT device on a network the tool collects multiple data-points and sends them back to servers at Princeton University — including DNS requests and responses; destination IP addresses and ports; hashed MAC addresses; aggregated traffic statistics; TLS client handshakes; and device manufacturers.

The tool has been designed not to track computers, tablets and smartphones by default, given the study focus on smart home gizmos. Users can also manually exclude individual smart devices from being tracked if they’re able to power them down during set up or by specifying their MAC address.

Up to 50 smart devices can be tracked on the network where IoT Inspector is running. Anyone with more than 50 devices is asked to contact the researchers to ask for an increase to that limit.

 

By:  Natasha Lomas 

 

Liquid Video Technologies Logo, Security, Video Surveillance, Greenville South Carolina

 

If you would like liquidvideotechnologies.com to discuss developing your Home SecuritySystem, Networking, Access ControlFire, IT consultant or PCI Compliance, please do not hesitate to call us at 864-859-9848 or you can email us at deveren@liquidvideotechnologies.com.

Microsoft: Hackers access customer accounts

Microsoft: Hackers access customer accounts

Microsoft: Hackers compromised support agent’s credentials to access customer email accounts

On the heels of a trove of 773 million emails, and tens of millions of passwords, from a variety of domains getting leaked in January, Microsoft has faced another breach affecting its web-based email services.

Microsoft  has confirmed to TechCrunch that a certain “limited” number of people who use web email services managed by Microsoft — which cover services like @msn.com and @hotmail.com — had their accounts compromised.

“We addressed this scheme, which affected a limited subset of consumer accounts, by disabling the compromised credentials and blocking the perpetrators’ access,” said a Microsoft spokesperson in an email.

According to an email Microsoft has sent out to affected users (the reader who tipped us off got his late Friday evening), malicious hackers were potentially able to access an affected user’s e-mail address, folder names, the subject lines of e-mails, and the names of other e-mail addresses the user communicates with — “but not the content of any e-mails or attachments,” nor — it seems — login credentials like passwords.

Microsoft is still recommending that affected users change their passwords regardless.

The breach occurred between January 1 and March 28, Microsoft’s letter to users said.

The hackers got into the system by compromising a customer support agent’s credentials, according to the letter. Once identified, those credentials were disabled. Microsoft told users that it didn’t know what data was viewed by the hackers or why, but cautioned that users might as a result see more phishing or spam emails as a result. “You should be careful when receiving any e-mails from any misleading domain name, any e-mail that requests personal information or payment, or any unsolicited request from an untrusted source.”

We are printing the full text of the email below, but a separate email sent to us, from Microsoft’s Information Protection and Governance team, confirmed some of the basic details, adding that it has increased detection and monitoring on those accounts affected.

Microsoft recently became aware of an issue involving unauthorized access to some customers’ web-based email accounts by cybercriminals. We addressed this scheme by disabling the compromised credentials to the limited set of targeted accounts, while also blocking the perpetrators’ access. A limited number of consumer accounts were impacted, and we have notified all impacted customers. Out of an abundance of caution, we also increased detection and monitoring to further protect affected accounts. 

No enterprise customers are affected, TechCrunch understands.

Right now, a lot of question marks remain. It’s unclear exactly how many people or accounts were affected, nor in which territories they are located — but it seems that at least some were in the European Union,  since Microsoft also provides information for contacting Microsoft’s data protection officer in the region.

We also don’t know how the agent’s credentials were compromised, or if the agent was a Microsoft employee, or if the person worked for a third party providing support services. And Microsoft has not explained how it discovered the breach.

We have asked Microsoft all of the above and will update this post as we learn more.

In this age where cybersecurity breaches get revealed on a daily basis, email is one of the most commonly leaked pieces of personal information. There’s even been a site created dedicated to helping people figure out if they are among those who have been hacked. Have I Been Pwned, as the site is called, now has over 7.8 billion email addresses in its database.

We’ll update this post as we learn more. The letter from Microsoft to affected users follows.

Dear Customer

Microsoft is committed to providing our customers with transparency. As part of maintaining this trust and commitment to you, we are informing you of a recent event that affected your Microsoft-managed email account.

We have identified that a Microsoft support agent’s credentials were compromised, enabling individuals outside Microsoft to access information within your Microsoft email account. This unauthorized access could have allowed unauthorized parties to access and/or view information related to your email account (such as your e-mail address, folder names, the subject lines of e-mails, and the names of other e-mail addresses you communicate with), but not the content of any e-mails or attachments, between January 1st 2019 and March 28th 2019.

Upon awareness of this issue, Microsoft immediately disabled the compromised credentials, prohibiting their use for any further unauthorized access. Our data indicates that account-related information (but not the content of any e-mails) could have been viewed, but Microsoft has no indication why that information was viewed or how it may have been used. As a result, you may receive phishing emails or other spam mails. You should be careful when receiving any e-mails from any misleading domain name, any e-mail that requests personal information or payment, or any unsolicited request from an untrusted source (you can read more about phishing attacks at https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/phishing).

It is important to note that your email login credentials were not directly impacted by this incident. However, out of caution, you should reset your password for your account.

If you require further assistance, or have any additional questions or concerns, please feel free to reach out to our Incident Response Team at ipg-ir@microsoft.com. If you are a citizen of European Union, you may also contact Microsoft’s Data Protection Officer at:

EU Data Protection Officer
Microsoft Ireland Operations Ltd
One Microsoft Place,
South County Business Park,
Leopardstown, Dublin 18, Ireland
dpoffice@microsoft.com

Microsoft regrets any inconvenience caused by this issue. Please be assured that Microsoft takes data protection very seriously and has engaged its internal security and privacy teams in the investigation and resolution of the issue, as well as additional hardening of systems and processes to prevent such recurrence.

Updated with comment from Microsoft.

 

By:  Ingrid LundenZack Whittaker

Liquid Video Technologies Logo, Security, Video Surveillance, Greenville South Carolina

 

If you would like liquidvideotechnologies.com to discuss developing your Home SecuritySystem, Networking, Access ControlFire, IT consultant or PCI Compliance, please do not hesitate to call us at 864-859-9848 or you can email us at deveren@liquidvideotechnologies.com.

Cyber Leak: Are You Protected

Cyber Leak: Are You Protected

Hackers publish personal data on thousands of US police officers and federal agents

 

A hacker group has breached several FBI-affiliated websites and uploaded their contents to the web, including dozens of files containing the personal information of thousands of federal agents and law enforcement officers, TechCrunch has learned.

The hackers breached three sites associated with the FBI National Academy Association, a coalition of different chapters across the U.S. promoting federal and law enforcement leadership and training located at the FBI training academy in Quantico, VA. The hackers exploited flaws on at least three of the organization’s chapter websites — which we’re not naming — and downloaded the contents of each web server.

The hackers then put the data up for download on their own website, which we’re also not naming nor linking to given the sensitivity of the data.

The spreadsheets contained about 4,000 unique records after duplicates were removed, including member names, a mix of personal and government email addresses, job titles, phone numbers and their postal addresses. The FBINAA could not be reached for comment outside of business hours. If we hear back, we’ll update.

TechCrunch spoke to one of the hackers, who didn’t identify his or her name, through an encrypted chat late Friday.

“We hacked more than 1,000 sites,” said the hacker. “Now we are structuring all the data, and soon they will be sold. I think something else will publish from the list of hacked government sites.” We asked if the hacker was worried that the files they put up for download would put federal agents and law enforcement at risk. “Probably, yes,” the hacker said.

The hacker claimed to have “over a million data” [sic] on employees across several U.S. federal agencies and public service organizations.

It’s not uncommon for data to be stolen and sold in hacker forums and in marketplaces on the dark web, but the hackers said they would offer the data for free to show that they had something “interesting.”

Unprompted, the hacker sent a link to another FBINAA chapter website they claimed to have hacked. When we opened the page in a Tor browser session, the website had been defaced — prominently displaying a screenshot of the encrypted chat moments earlier.

The hacker — one of more than ten, they said — used public exploits, indicating that many of the websites they hit weren’t up-to-date and had outdated plugins.

In the encrypted chat, the hacker also provided evidence of other breached websites, including a subdomain belonging to manufacturing giant Foxconn. One of the links provided did not need a username or a password but revealed the back-end to a Lotus-based webmail system containing thousands of employee records, including email addresses and phone numbers.

Their end goal: “Experience and money,” the hacker said.

 

By: Zack Whittaker

 

Liquid Video Technologies Logo, Security, Video Surveillance, Greenville South Carolina

 

If you would like liquidvideotechnologies.com to discuss developing your Home SecuritySystem, Networking, Access ControlFire, IT consultant or PCI Compliance, please do not hesitate to call us at 864-859-9848 or you can email us at deveren@liquidvideotechnologies.com.

LVT- Integration-moving-forward, view of CAT5 cable and with services Icons, Greenville South Carolina

Social Channels Are Ruling E-Commerce

THE SOCIAL COMMERCE REPORT: How Facebook, YouTube, Pinterest, and other popular apps are upending the e-commerce space

Social media is becoming increasingly influential in shoppers’ purchasing decisions. In fact, the top 500 retailers earned an estimated $6.5 billion from social shopping in 2017, up 24% from 2016, according to BI Intelligence estimates.

Growth in Share of Retail Site VisitsBI Intelligence

In addition to influencing purchase decisions, social media is a large part of the product discovery and research phase of the shopping journey. And with more and more retailers offering quick access to their sites via social media pages, and shoppable content becoming more popular, it’s likely that social media will play an even larger role in e-commerce.

In The Social Commerce ReportBusiness Insider Intelligenceexamines the advantages and disadvantages of each platform, and reviews case studies of successful campaigns that helped boost conversion and increase brand awareness. Additionally, we explore how retailers can bring social aspects into their own sites and apps to capitalize on consumers’ desire for social shopping experiences.

Here are some key takeaways from the report:

  • Social media is becoming more influential in all aspects of the purchasing journey.
  • Facebook is the clear winner in social commerce, with its huge user base and wide-ranging demographics.
  • However, retailers should have a presence on every platform their target market is on. Each platform will require a different strategy for retailers to resonate with its users.
  • Retailers can also benefit from bringing social aspects in-house. They can do this by building their own in-house social networks, or by embedding social media posts into their sites.

 

BY:  

 

Liquid Video Technologies Logo, Security, Video Surveillance, Greenville South Carolina

 

If you would like liquidvideotechnologies.com to discuss developing your Home SecuritySystem, Networking, Access ControlFire, IT consultant or PCI Compliance, please do not hesitate to call us at 864-859-9848 or you can email us at deveren@liquidvideotechnologies.com.

IoT And Your Digital Supply Chain

IoT And Your Digital Supply Chain

IoT And Your Digital Supply Chain

“Money, it’s a gas. Grab that cash with both hands and make a stash”, Pink Floyd is always near and dear to my heart. No doubt the theme song to a lot of producers of devices that fall into the category of Internet of Things or IoT.

I can’t help but to giggle at the image that comes to mind when I think about IoT manufacturers. I have this vision in my head of a wild-eyed prospector jumping around after finding a nugget of gold the size of a child’s tooth. While this imagery may cause some giggles it also gives me pause when I worry about what these gold miners are forgetting. Security comes to mind.

I know, I was shocked myself. Who saw that coming?

While there is a mad rush to stake claims across the Internet for things like connected toasters, coffee makers and adult toys it seems security falls by the way side. A lot of mistakes that were made a corrected along the way as the Internet evolved into the monster that it is today are returning. IoT appears to be following a similar trajectory but, at a far faster pace.

With this pace we see mistakes like IoT devices being rolled out with deprecated libraries and zero ability to upgraded their firmware or core software. But, no one really seems to care as they count their money while they’re still sitting at the table. The problem really comes into focus when we realize that it is the rest of us that will be left holding the bag after these manufacturers have made their money and run.

Of further concern is the fractured digital supply chains that they are relying on. I’m worried that with this dizzying pace of manufacture that miscreants and negative actors are inserting themselves into the supply chain. We have seen issues like this come to the forefront time and again. Why is it that we seem hell bent on reliving the same mistakes all over again?

One of my favorite drums to pound on is the use of deprecated, known vulnerable, libraries in their code. I’ve watched talks from numerous presenters who unearthed this sort of behavior at a fairly consistent pace. What possible rationale could there be for deploying an IoT device in 2016 with an SSL library that is vulnerable to Heartbleed?

I’ll let that sink in for a moment.

And this is by no means the worst of the lot. These products are being shipped to market with preloaded security vulnerabilities that can lead to all manner of issues. Data theft is the one that people like to carry on about a fair bit but, it would be a fairly trivial exercise to compromise some of these devices and have them added to a DDoS botnet.

What type of code review is being done a lot the way by code written by outsourced third parties? This happens a lot and really does open a company up to a risk of malicious, or poor, code being introduced.

The IoT gold rush is a concern for me from a security perspective. Various analyst firms gush about the prospect of having 800 gajillion Internet enabled devices online by next Tuesday but, they never talk about how we are going to clean up the mess later on. Someone always has to put the chairs up after the party is over.

 

IoT And Your Digital Supply Chain By:  Dave Lewis

 

Liquid Video Technologies Logo, Security, Video Surveillance, Greenville South Carolina

 

If you would like liquidvideotechnologies.com to discuss developing your Home SecuritySystem, Networking, Access ControlFire, IT consultant or PCI Compliance, please do not hesitate to call us at 864-859-9848 or you can email us at deveren@liquidvideotechnologies.com.

1 2 3