
News of Day: Rowhammer, and this week is Patch Tuesday.

In the Tip of Day segment we have a serious problem, as Rowhammer opens a new security angle which cannot be patched on some machines.

Some RAM has a bit-flipping problem in certain situations which can be turned into an escalation of privilege, so if the hacker already has a foothold on the computer, they can get admin or root access.

We need to realize that today's researchers develop exploits that then criminals use to attack our computers, and then the script kiddies use to attack the people who don't know how to use computers.

 

So we have to develop a new method of thinking - security must be built into our processes and methods. Compliance means security first. Otherwise we will get blindsided by the newest researcher attacks.

 

Remember our systems were not built for security first, and the internet was not built with security in mind. So we will have many other attacks and exploits to keep in mind.

 

This is why you need a security department, somebody who is thinking about the security angle all the time.

Contact Us

The video itself:


Here is a story on how to improve your privacy on your iPhone:

http://www.zdnet.com/pictures/new-iphone-ipad-change-these-ios-8-privacy-settings-immediately/

 

Bruce Schneier's post on privacy in general:

https://www.schneier.com/blog/archives/2015/02/everyone_wants_.html

 

We also need more cybersecurity: http://oversitesentry.com/how-do-we-improve-security/

We need more ethical hackers in every company understanding the issues.

 

Use the principle of Philotimo to be an Ethical Hacker. The friend of honor will "do the right thing."

Also an apt Youtube video (regarding ΦΙΛΟΤΙΜΟ)  http://youtu.be/DaPF4_-gH4g

 

To listen and educate yourself on net neutrality:

An interesting economist (Professor Hazlett, an economics professor) explains the nuts and bolts of net neutrality.

Minute 44 is DSL sales growth and usage in the telecom industry.

I saw the Internet industry grow and change like Hazlett is talking about from 1996 until today

Minute 51 had an example of a Net neutrality violation (Metro PCS streaming Youtube but not others - like Netflix or Hulu)

At about an hour questions start.

 

As in my video - even after listening to Hazlett discuss this for an hour, I still think it will depend on the political power of the various factions. Of course the law is going to come down on NetNeutrality as well.

Hmmm, there are 1000 phone companies in America (we can name 2-4); the rural companies get government subsidies.

 

The Fixvirus video show that explains it:

According to the Kaspersky Lab report on the Equation group:

http://25zbkz3k00wn2tp5092n6di7b5k.wpengine.netdna-cdn.com/files/2015/02/Equation_group_questions_and_answers.pdf

There is malware that can infect hard drive firmware and then perform other tasks.

On page 23, item #14 says:

"14.
What C&C infrastructure do the Equation group implants use?
The Equation group uses a vast C&C infrastructure that includes more than
300 domains and more than 100 servers. The servers are hosted in multiple countries, including the US, UK, Italy, Germany, Netherlands, Panama, Costa Rica, Malaysia, Colombia and Czech Republic.
All C&C domains appear to have been registered through the same two major
registrars, using "Domains By Proxy" to mask the registrant's information.
Kaspersky Lab is currently sinkholing a couple dozen of the 300 C&C servers."
C&C means command & control.

The infected hard drive means nothing to the attacker unless the implant can "phone home". Since it has to contact its C&C server, we can detect that traffic, and once we detect it we can stop the transmission: an IPS (a properly configured Next Gen Firewall) can protect against the malware.

Contact Us to help you with setting up your IPS or purchasing an IPS system that works for you.
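As an added illustration of the "it has to phone home, so we can see it" point (this is example code written for this page, not from the Fixvirus post, the Kaspersky report, or any IPS product), here is a small detector that works over constructed proxy log lines in two passes: a blocklist match for known C&C domains, and a behavioural check that flags a host whose connections to one destination recur at a nearly constant interval, the timer-driven beaconing an implant relies on. The domains and addresses are placeholders, not real indicators.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed blocklist of placeholder C&C domains (not real indicators).
CC_BLOCKLIST = {"cc-example-1.invalid", "cc-example-2.invalid"}
# Constructed proxy log: "<epoch> <src_ip> <dst_host> <bytes>" per line.
SAMPLE_LOG = """\
1000 10.0.0.5 cc-example-1.invalid 312
1900 10.0.0.5 cc-example-1.invalid 318
2800 10.0.0.5 cc-example-1.invalid 309
3700 10.0.0.5 cc-example-1.invalid 320
1100 10.0.0.7 updates.example.com 20480
1150 10.0.0.7 updates.example.com 19911
3020 10.0.0.7 updates.example.com 20211
3100 10.0.0.7 updates.example.com 20377
1200 10.0.0.9 files.example.net 515
2100 10.0.0.9 files.example.net 520
3050 10.0.0.9 files.example.net 510
3900 10.0.0.9 files.example.net 517
"""

def parse_log(text):
    """Return (timestamp, src, dst, bytes) tuples; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        try:
            events.append((int(parts[0]), parts[1], parts[2].lower(), int(parts[3])))
        except (IndexError, ValueError):
            continue
    return events

def blocklist_hits(events, blocklist=CC_BLOCKLIST):
    """Cheap, high-confidence check: hosts that contacted a known C&C domain."""
    return sorted({(src, dst) for _, src, dst, _ in events if dst in blocklist})

def beaconing_pairs(events, min_conns=4, max_jitter=0.2):
    """Catch unknown C&C by behaviour: (src, dst) pairs whose connection gaps are
    nearly constant (stdev/mean <= max_jitter). Browsing is bursty; timers are regular."""
    by_pair = defaultdict(list)
    for ts, src, dst, _ in events:
        by_pair[(src, dst)].append(ts)
    flagged = []
    for pair, stamps in by_pair.items():
        if len(stamps) < min_conns:
            continue
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        if mean(gaps) > 0 and pstdev(gaps) / mean(gaps) <= max_jitter:
            flagged.append(pair)
    return sorted(flagged)
```

Host 10.0.0.9 is flagged by behaviour alone even though its destination is on no list, which is the case an IPS signature would miss; host 10.0.0.7's update traffic is bursty and is left alone.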

First we made a special short video on what an Ethical hacker does:

Second the Video for the Fixvirus Security show:

News of Day is about this week's Patch Tuesday: there are several critical patches for Microsoft software, and your IT department should apply all of them, as they fix remote code execution flaws (and thus are very dangerous). Hackers can create attacks from them any time now, and if you do not patch your machine it will be hacked by criminal hackers.

 

Tip of Day: We need to move to a Six Sigma IT methodology, which means we need to:

A. Define

B. Measure

C. Analyze

D. Improve

E. Control

 

So we need to test your IT environment to ensure it is performing as prescribed.

The only way to create an environment where only 1 mistake in a million can occur is if you are constantly testing from the outside.

That is where we can help: http://www.fixvirus.com/contact-us/

 

Sophos has a good article detailing some potential methods the hackers can use to extort money out of companies: Naked Security, the Sophos blog site.

This is the important part:

1. Hackers hack and penetrate your systems, including customer databases

2. Customer data will be encrypted - a ransom will be put on the data (that is the old method)

2a. Now the new method is to modify only some of the data, like usernames or passwords (sometimes passwords and usernames are set by the customer), so it is impossible to find this tampering until customers call saying they cannot access their accounts.

3. Customers log onto your site and they get infected with ransomware themselves on their personal computers.

 

So what just happened?

A. Your inattention to your server has cost your customers their data, and the relationship with you is now harmed.

B. The fix is not a simple restore of data, since the tampering may have been done some time ago and is thus in your backups as well.

(Image: a Cryptolocker 2.0 ransom message)

We must figure out how to restore to a point before the hack.

How do you know where that point is? Test, test, and test, and keep your data points.

We are all about testing here at Fixvirus.com. Contact us to help you in this new cybersecurity environment.

 

Here is the Fixvirus Security Show explaining this and Risk Management problems.

The video expounds on the Risk Management failure as well (in tip of day segment)

That was started on our blog post:  http://oversitesentry.com/?p=1400 "Risk Management does not work"

 

Brian Krebs has updated his blog and his famous picture (how much is your hacked computer worth?):

http://krebsonsecurity.com/2015/01/fbi-businesses-lost-215m-to-email-scams/

IC3 data from the Internet Crime Complaint Center: http://www.ic3.gov/about/default.aspx

BEC (business email compromise) is a global scam with subjects and victims in many countries. The IC3 has received BEC complaint data from victims in every US state and 45 countries. From 10/1/2013 to 12/1/2014 the following stats were reported:

Total US victims: 1198

Total US dollar loss: $179mil

Total non-US victims: 928

Total non-US dollar loss: $35mil

Combined victims: 2126

Combined dollar loss: $214mil

So Brian Krebs has updated his "how much is your computer worth to hackers" image:

(Image from Krebsonsecurity.com)

So Brian reviews what can happen to your email account if somebody is able to take it over and use it for their own money making schemes.

If I attempted to put a small dollar amount on these accounts, how much is your email account worth?

Google: $2

Facebook: $2

iTunes: $3

Amazon: $3

Walmart: $3

Netflix: $2

Dropbox: $2

Salesforce: $2

FedEx: $1.50

UPS: $1.50

Bank acct: $4

Steam: $2.50

Total: $28.50? Or more?

This is my image:

(Image: my own hacked email account worth chart)

 

My list is only a partial one, but I am trying to make it more personal and give the hack a certain dollar amount. I am trying to create awareness; also note the comments on Brian Krebs's post:

(Image: comments on the Krebs on Security post)

You can click on the image or go to Brian's site to read them, but I want to transcribe one of them specifically (the bottom one):

"Almost word for word what happened to an affiliate company of ours. Slightly altered domain name appearing as someone’s VP, email request to wire funds, funds were sent, fund transfer frantically reversed at the 11th hour."

This attack did not even use a hacked email account, just a slightly modified domain name and a wire transfer request sent under the name of the VIP. What are the odds of two comments similar in nature one after the other? Criminals are preying on our good graces and naivety.

 

If you need help working on your password compliance, or testing other aspects of your security policy, I can help with the Omega Scan service:

http://oversitesentry.com/solutions/omega/

It is a unique service.

 

Here is the video to go along with this post.

Pentesting is needed every 3 months for entities with more than 20k transactions, and annually for entities with fewer than 20k transactions.

Why do you need to pentest?

Because things happen, and it is good to review your security profile.

 

Have some Philotimo: do the right thing - defend your site by scanning. http://oversitesentry.com/solutions/

Philotimo video:

Today's Fixvirus Security Video:

Also discussing the Oversitesentry blog post about QWERTY keylogger: http://oversitesentry.com/?p=1351

 

Risk analysis and patch management are important.

We discuss that today, since there were 2 Adobe vulnerabilities that we cover on our blog:

http://oversitesentry.com/patches-i-dont-need-those-stinkin-patches/

Patch management is deciding, with risk-based analysis, which patches get installed in your environment and when.

Tools can reduce the time and resources needed to implement them.

 

Because, as the blog post and video discuss, 169 Oracle, 62 Chrome, 9 Firefox, and at least 2 Adobe patches cause quite a resource issue. You must have a plan in place, as this is just the first month (there were over 7000 vulnerabilities last year).

The chart is from the Cisco Annual Security Report that just came out:

http://www.cisco.com/web/offers/pdfs/cisco-asr-2015.pdf

Also from another Oversitesentry post:

http://oversitesentry.com/new-cisco-annual-report-is-out/
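To make the "risk-based analysis" concrete, here is an added example (my own illustration for this page, not a Fixvirus tool or anything from the Cisco report) that takes a constructed month of patches and turns it into an ordered plan: the factors the post singles out, remote code execution and exposure, scale the CVSS score, and the score is mapped to an install deadline so the plan says when, not just which. The patch ids, scores and weights are placeholders you would replace with your own data and policy.

```python
from dataclasses import dataclass

@dataclass
class Patch:
    vendor: str
    patch_id: str          # placeholder ids, not real bulletin numbers
    cvss: float            # 0.0 - 10.0 base score
    remote_code_exec: bool # the class the post calls "very dangerous"
    internet_facing: bool  # is the affected software reachable from outside?
    exploit_public: bool   # is an exploit already circulating?

# Constructed sample standing in for one month's Oracle/Chrome/Firefox/Adobe load.
SAMPLE_PATCHES = [
    Patch("Adobe", "ADOBE-PLACEHOLDER-1", 9.8, True, True, True),
    Patch("Oracle", "ORACLE-PLACEHOLDER-7", 5.3, False, False, False),
    Patch("Chrome", "CHROME-PLACEHOLDER-3", 8.8, True, True, False),
    Patch("Firefox", "FIREFOX-PLACEHOLDER-2", 6.5, False, True, False),
    Patch("Oracle", "ORACLE-PLACEHOLDER-9", 7.5, True, False, False),
]

def risk_score(p):
    """Risk-based weight: CVSS scaled up by RCE, exposure and a public exploit."""
    score = p.cvss
    if p.remote_code_exec:
        score *= 1.5
    if p.internet_facing:
        score *= 1.5
    if p.exploit_public:
        score *= 2.0
    return round(score, 2)

def install_deadline_days(p):
    """Map the score to a deadline (assumed policy tiers, adjust to your own)."""
    s = risk_score(p)
    if s >= 20:
        return 2   # emergency change window
    if s >= 10:
        return 7   # next weekly window
    return 30      # regular monthly cycle

def build_plan(patches):
    """Return (deadline_days, score, vendor, patch_id) rows, most urgent first."""
    rows = [(install_deadline_days(p), -risk_score(p), p.vendor, p.patch_id) for p in patches]
    return [(d, -s, v, i) for d, s, v, i in sorted(rows)]
```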

 

Contact us to help you with patch management and compliance requirements.

http://www.fixvirus.com/contact-us/

314-504-3974

 

We are explaining a little more about pentesting and the service that we have (Sigma Scan) in the Tip of Day segment.

In News of Day we discuss #OpFrance, where political hackers are trying to attack various French websites, including France24:

(Image: a tweet from an "Anonymous Saudi hacker" on Twitter)

Video:

Sigma Scan info on Oversitesentry: http://oversitesentry.com/solutions/sigma/

What will be your solution to potential attacks on your machines? Will it be to trust that your provider is doing everything they can? Or will you be proactive and do some testing (like the Sigma Scan)?

 

Contact Us as we can help you test your website to reduce the likelihood of hacker penetration and exploits.

 

Created a SVAPE & C only video as well: