Tag: Recent News

G-Mail Users Will Soon Have To Use New Design

<img class=”alignnone size-full wp-image-7970 alignleft” src=”https://www.securepc-wi.com/wp-content/uploads/2018/07/gmail-resized.jpg” alt=”” width=”300″ height=”225″ />Change is coming, and not everyone is happy about it.  Recently, Google redesigned its G-mail interface, and since then, they’ve allowed their free users to opt into the new changes.  G-Suite users may or may not see the option to try the new interface, depending on whether their administrators have enabled the option and made it visible.

The company just announced that beginning in July, 2018, administrators will be required to give all users the ability to opt into the new interface.  Then, sometime in September 2018, all users will be switched to the new interface by default, although the option to switch back to the old interface will be available for approximately one month.  After that, the option to use the old interface will vanish, and all G-Suite users will only be able to use G-Mail using the new interface.

The company has not made any official announcement regarding users who have free G-Mail accounts. However, most industry insiders expect that given the timetable outlined above for G-Suite users, free G-Mail users can expect an email or other communication from Google about when the option to use the old interface will be going away for good.  Ultimately, Google means for everyone to use their new interface design, and will certainly enforce that.

Google’s handling of the change has been exceptional.  Change comes to us all, and in business, sometimes it can descend at a terrifying pace.  Only by slowing things down to a more human scale can you give your employees time to adapt and grow accustomed to the coming change.

Kudos to Google for a job well done, and business owners, take note.  Change may be inevitable, but it doesn’t have to be scary.  Just give your employees time to get used to the idea.

Microsoft Purchases GitHub – What Does This Mean For Open Source?

Microsoft just made a big, significant purchase that has raised more than a few eyebrows.  They just acquired GitHub for a hefty $7.5 billion.

What makes the purchase interesting and potentially troublesome is that Microsoft is the world’s largest proprietary software company, and GitHub is the world’s largest open source hosting service.

The natural question on everyone’s mind then, is what does this mean for open source?  Is it doomed?  Is it soon to go the way of the dinosaur, or will Microsoft hold the reins of power loosely and let open source continue to flourish?

Those are fair questions, especially given that GitHub is used by more than 28 million developers around the world, and is home to more than 85 million code repositories.  In addition to that, the company was built on Git, which is an open source version control software written by Linus Torvalds (the creator of Linux). Its founders have worked hard to develop innovative workflows that have made the hub easy to use and work with.

The fear is that Microsoft will start strangling those developments and insist that GitHub begin using proprietary Microsoft products.  While it’s too early to say for certain, the early indications are encouraging.  Microsoft has stated that GitHub will be allowed to retain its status as an “open platform” and its service will continue to be offered for free.

Having said that, there will be some changes, including the fact that Microsoft will be offering integration between its AppCenter mobile testing service and projects hosted on GitHub.  This builds on previous collaborations between Microsoft and GitHub.  Last year, GitHub announced that they would support Microsoft’s “Git Virtual File System,” which the company designed for enterprise-sized data repositories.

The skeptics are right to be skeptical, but so far, the early indications are positive.  Note that it’s not a done deal just yet.  The merger is subject to regulatory approval in both the US and the EU.

Hacked Routers Being Used To Spread Malware

Beware of compromised routers spreading malware.  This is according to both Kaspersky Labs and a recently released government report.

Using hacked routers to spread malware is nothing new.  Security insiders have known about it for years. However, since 2008, the number of instances where routers are being used to push malicious code has been steadily increasing. Researchers are observing marked increases in their use by APTs (Advanced Persistent Threat) around the world.

APTs are nothing new either, although their ranks have been growing in recent years.  Many are state-sponsored hacking groups with virtually unlimited resources. Some are simply tight-knit groups of hackers banding together under a single banner.

Many people view hackers as lone wolves and that there are millions of lone wolves hacking networks across the globe.  Increasingly though, these are becoming minor actors on the world stage.  The real threat is now well-organized groups of hackers who can execute highly coordinated globe-spanning attacks and create botnets comprised of tens, or even hundreds of thousands, of compromised computers.

In addition to identifying and calling attention to a little-known attack vector, the recent announcement underscores an important weakness in current cybersecurity thinking.  Most people are still laboring under the faulty assumption that they’re facing individual hackers operating out of a dark room in someone’s basement.

While those types of threats are no doubt present, it’s false to assume that’s where the biggest danger lies.  If you get hacked, it’s just as likely (perhaps even more likely) that you’re actually facing a well-organized group who may have more resources at their disposal than your entire IT department.  While you’re preparing to fight a skirmish, the barbarians are coming to your gates with an army.  Most people are simply planning to fight the wrong type of battle, and that could prove to be a devastating mistake.

Study Shows Employee Satisfaction Is Higher With Technology Improvements

A new study recently published by HPE Aruba called “The Right Technologies Unlock The Potential Of The Digital Workplace,” reveals some interesting details about technology in the workplace that’s worth paying attention to.

The study was conducted by collecting feedback from more than seven thousand companies of various sizes around the globe.  These were broken broadly into two groups: “Digital Revolutionaries,” which made more and better use of cutting edge technology, and “Digital Laggards” which were slower to adopt the latest and greatest technologies.

The headline statistic is that 51 percent of employees working in companies employing more technology reported greater job satisfaction, and an impressive 72 percent of employees in these companies reported a greater ability to adopt new work-related skills.

Other intriguing statistics include:

  • 31 percent of respondents in the “Digital Laggard” category indicated that tech aided their professional development, compared with 65 percent in the “Digital Revolutionary” category
  • 92 percent of respondents said that more technology would improve the workplace overall
  • 69 percent of respondents indicated a desire to see fully automated equipment in more widespread use in the workplace

Joseph White, the Director of Workplace Strategy, Design and Management at Herman Miller said in a press release:

“No matter the industry, we’re seeing a move toward human-centric places as enterprises strive to meet rapidly changing expectations of how people want to work.  This depends upon combining advances in technology -which includes furnishings- with the cognitive sciences to help people engage with work in new ways.  This will not only mean singular, premium experiences for individuals, but also the opportunity for organizations to attract and retain the best talent.”

The study notes, however, that cyber security issues remain as challenging as ever.  Survey respondents reported lower than average cyber security awareness, which could lead to greater risks and exposure as workplaces become increasingly digitized.

While a small majority (52 percent) of respondents reported thinking about cybersecurity often (daily), fully a quarter have connected to unsecured WiFi and one in five reported using the same passwords across multiple web properties. These are the two most dangerous cybersecurity-related behaviors.

Clearly, increased technology has its risks.

TicketFly Customer Information May Have Been Hacked

<img class=”alignnone size-full wp-image-7987 alignleft” src=”https://www.securepc-wi.com/wp-content/uploads/2018/07/ticketfly-hacked-resized.jpg” alt=”” width=”300″ height=”225″ />Another week, another high-profile data breach, but this one can be filed under “Missed Opportunity.”  The site in question is “TicketFly,” which is a web-based event ticket sales website owned by a company called Eventbrite. The TicketFly website was down since May 31st, and the normal homepage had been replaced by an image of Guy Fawkes with the message “Your Security Down I’m Not Sorry.”

The page formerly contained links that pointed to compromised customer information, but those have subsequently been removed by the company, which is still scrambling to recover.

Unfortunately, TicketFly was given every opportunity to avoid the incident altogether.  The hacker responsible for taking the site down goes by the handle “IsHakdz,” and claims that he contacted TicketFly, warning them of serious security flaws that would allow a hacker to take control of the site and all of the company’s databases.  He asked for 1 Bitcoin to reveal the technical details.  When the company failed to respond, he decided to show them he was serious, and did exactly as he claimed he could do.

While you might question the hacker’s actions, his motives seemed pure enough, and the reality is that many companies have “Bug Bounty” programs where they pay researchers who find critical security flaws.  The bounty payouts are typically less than a bitcoin, but the idea is the same.  Unfortunately, TicketFly didn’t have such a program and even after having been warned of the flaws in their system, they took no meaningful action until the hacker forced them to do so.

While it’s not impossible to envision a scenario in which this hacker would resell the data he was able to get his hands on, the actions of this particular individual seem to point in the opposite direction.  Even so, if you’ve made a purchase on the TicketFly database, it’s better to be safe than sorry, and carefully monitor the payment card you used to make the purchase. It goes without saying that you should change your TicketFly password immediately.

Massive Malware Attack Stemmed From Bittorent App

According to a Microsoft security researcher, a massive malware attack attempted to install a cryptocurrency mining software on more than 400,000 computers in less than twelve hours.  The failed campaign is noteworthy because of the attack vector used.  It was a supply chain attack implemented by compromising Bittorrent, a highly popular program used to share and download files.

Until recently, security professionals discounted the very possibility of supply chain attacks, regarding them as highly improbable occurrences.  The sad truth, however, is that they’re becoming increasingly common.  Over the past couple of years, we’ve seen a growing number of them, including CCleaner, which is a popular disk-maintenance program.  A poisoned version of it was delivered to more than two million of the software’s users.

In another supply chain attack, M.E. Doc (a tax and accounting application which is widely used in the Ukraine) was tainted and contained the NotPetya wiper worm, and shut down computers all over the world just last year.

Then there was a collection of Android apps that came preinstalled on phones from not one, but two different manufacturers that allowed hackers unfettered access to the data on those phones.  In fact, this is actually the second time Bittorrent has been hijajcked.  Last year, a tainted version of the client installed ransomware on Macintosh computers around the world.

Fortunately, this latest attack was not successful, although Microsoft researcher reported that Windows Defender blocked more than 400,000 attempts to infect computers between March 1st and March 6th, with the actual Bittorrent infection occurring sometime between February 12 and February 19.  In this instance, the threat was regional, with most of the computers being located in Russia, Turkey, and the Ukraine.

While this was the latest supply chain attack, it certainly won’t be the last. Worst of all, these kinds of attacks are notoriously hard to prevent because updates coming from trusted sources are often installed without question.

Major Server Ring Distributing Malware Taken Down

Score one for the good guys.  A researcher from BrilliantIT was recently able to figure out how infected computers would connect to EITest’s command and control server, and using that information, was able to bring down their entire network.

If you haven’t heard of EITest before, the true significance of that statement might not be registering.

EITest first appeared in 2011.  In its original incarnation, it was little more than an annoyance.  It was a collection of compromised servers used to direct web traffic to poisoned websites, where the owners could infect unsuspecting users with their homegrown malware.

In 2013, EITest’s owners got savvy, relentlessly grew their network to more than 52,000 compromised machines and started renting their network out to hackers around the world to drive traffic to their poisoned websites. This unleashed a torrent of wildly destructive malware.  Ever since, it’s been a thorn in the side of IT professionals everywhere.

Using the crack discovered by BrilliantIT, researchers were able to redirect all traffic to a sinkhole, effectively shutting the network down altogether.

Since then, it appears that the hackers have made one halfhearted attempt to regain control of their network, and then apparently gave up on the idea.

While this is undeniably good news, EITest isn’t the only traffic distribution network on the Dark Web, and even if the hackers have given up on the idea of recovering access to their old network, there’s nothing stopping them from building a whole new one.  That’s not to undercut the significance of the victory here, but rather, merely to point out that it’s a temporary win and reprieve, at best.  They’ll be back.  They always come back.

Good news is rare on the security front, and when it is found, we should all take a moment to celebrate.  Kudos to the team at BrilliantIT!

Intel Taking Additional Steps To Prevent Security Flaws

By now, you’ve almost certainly heard of “Spectre,” one of two recently discovered security flaws that impact every chip made by Intel in the last ten years.

The story of Spectre, and Intel’s response to it has been an interesting one.  In response to the flaw’s discovery, Intel rushed a firmware patch, but quickly had to take it back and recommend that users not install  it, because it created as many problems as it solved.

Intel has since released a better, more stable patch, but hasn’t stopped there.  The company recently revealed that it is introducing various hardware protections against Spectre-like vulnerabilities that may be detected in the future.

According to Intel’s CEO, Brian Krzanich, “(We have) redesigned parts of the processor to introduce new levels of protection through partitioning.  As we bring these new products to market, ensuring that they deliver the performance improvements people expect from us is critical.  Our goal is to offer not only the best performance, but also the best secure performance.”

While that is welcome news for people planning to make purchases in the near future, owners of existing Intel-powered equipment will still have to have to rely on firmware updates for Spectre protection. This unfortunately comes with the tradeoff of a hit to CPU performance.

In tandem with that update, the company also announced that as of now, they have firmware updates available for all of its products launched within the last five years.  This coupled with their recent partnership with Microsoft to help deliver Spectre updates to their legions of impacted customers should provide peace of mind, even with the expected hits to system performance.

Unfortunately, with new variants of Spectre and Meltdown being discovered on a regular basis, this is likely not the last we’ll hear about this issue.

Researchers Find Major Vulnerabilities In Banking Apps

Do you do your banking online?  If so, there’s bad news in the form of a report recently released by the security firm “Positive Technologies.”

The company tested a variety of websites using a proprietary tool they developed in-house, which scans websites for security flaws.  While flaws were found across a wide range of industries, literally every banking site Positive Technologies tested was found to have serious security flaws.

The particulars varied from one bank to the next, but the security flaws included:

  • XML external entity errors
  • Arbitrary file reading and modification flaws
  • Expired or nonexistent SSL certificates
  • Poor or nonexistent encryption

Some banking websites were so flawed that a hacker could execute a ‘man in the middle’ attack and execute malicious code to infect the user’s machine. They could potentially make off with all their money and with more than enough information to steal their identity.

Some 80 percent of sites tested were found to be vulnerable to XSS (cross-site scripting) attacks.

Regardless of the specific vulnerability, the big, terrifying takeaway from the Positive Technologies report is simply this:  Of the financial sites they tested, 100 percent of them were found to have vulnerabilities.

These are the people who are tasked with safeguarding your money, and they’re obviously not doing enough to keep their websites secure.

Firewalls and basic detection protocols are simply not enough.  The hackers of the world have matured and gotten better at what they do, and security professionals simply haven’t been improving as quickly.  This is the reason we’re seeing such a massive spike in high profile data breaches.  The reason is that each year is a new, record-breaking year, beating out the one before, often by a wide margin.

Until that changes, everyone is at risk.  Given how important the internet has become to international commerce and modern life, that’s simply unacceptable.

Attackers Targeting Job Seekers Via Listings And Recruitment

Cyber-criminals around the world are increasingly focusing their attention on job seekers.  According to the security firm Flashpoint, there has been a notable uptick in ploys involving phony job listings that attempt to get job seekers to give up personal information.

Perhaps the biggest surprise is the fact that this is only now becoming a growing threat.  After all, from the cyber-criminal’s point of view, it’s low hanging fruit.  Job seekers expect that they’ll be asked for all types of personal information when applying for positions, after all.

As long as the criminals take the time to make their offers appear legitimate, most applicants wouldn’t think twice about sending in their resume (complete with physical address and phone number), and then, a bit later in the process, their social security number and other personal and confidential information.

According to Flashpoint analyst David Shear, it’s not just personal information the criminals are after, however.  Increasingly, criminals are seeking to engage the services of the people who “apply,” by using them as unwitting money mules, or using them as part of an intricate money laundering scheme.

On top of that, it’s all too easy for the criminal to respond to an applicant’s inquiry with an email containing an attachment (usually a poisoned PDF).  Again, since the applicant thinks he (or she) has replied to a legitimate offer for employment, odds are excellent that they’ll open the attachment without hesitation.

At that point, whatever payload the poisoned file contained is installed onto their computer, which can have devastating consequences, depending on the nature of the malware the criminals want to install.

Shear also notes that he and his team have seen an increase in the number of inquiries on the Dark Web asking after compromised business accounts, and offers this explanation as to why: “Attackers want access to business accounts in order to leverage their phony job listings and recruit people who would ultimately participate in fraud without their knowledge.”

All that to say, job seekers beware.  It seems that no low is too low where these criminals are concerned.