News

HP Patches Hundreds of Laptops to Remove Hidden Keylogger

Computer Culture Admin - Monday, December 18, 2017
In November 2017 Hewlett-Packard revealed that nearly 500 of its notebooks dating as far back as 2012 were shipped with a secret keylogger installed. Before the issue was publicly disclosed, HP owned up to the mistake of leaving this tool inside its laptops, and on Nov. 7 posted device-specific patches for most of the models affected, which can be downloaded.

Hopefully, the tool was already removed from your notebook, as Microsoft bundled those patches into the November Windows update, but if you have any concerns feel free to get in contact.

Security researcher Michael Myng discovered the keylogger when probing the Synaptics touchpad software on an HP laptop. HP’s security bulletin says the “potential security vulnerability” affects all laptops with “certain versions of Synaptics touchpad drivers” – not necessarily just HP models. The keylogger is disabled by default, however.

“A party would need administrative privileges in order to take advantage of the vulnerability,” the bulletin states. “Neither Synaptics nor HP has access to customer data as a result of this issue.” HP told Myng that the keylogger was a debugging tool.

The same security bulletin includes separate software updates for every HP laptop loaded with the keylogger, and HP says you should install those updates “as soon as possible.”

For the original article please go here.

Uber Has 57 Million Records Stolen and Hides Data Breach for A Year

Computer Culture Admin - Monday, December 18, 2017
Uber is known for pushing the limits of the law and has dozens of lawsuits pending against it, but this one went too far and now comes the reckoning.

Bloomberg was first to report that hackers stole the personal data of 57 million customers and drivers from Uber, a massive breach that the company concealed for more than a year. Recently, they fired their chief security officer and one of his deputies for their roles in keeping the hack under wraps, which included a $100,000 payment to the attackers to "delete the data". Yeah, sure!


Victim Of A Simple Credentials Phishing Attack?

Here’s how the press describes the hack: Two attackers accessed a private GitHub coding site used by Uber software engineers and then used login credentials they obtained there to access data stored on an Amazon Web Services account that handled computing tasks for the company. From there, the hackers discovered an archive of rider and driver information. Later, they emailed Uber asking for money, according to the company. If you read between the lines, that could very well be a simple credentials spear phishing scheme, done with some crafty social engineering, or perhaps careless developers leaving internal login passwords lying around online.


Failure To Disclose

Joe Sullivan, the outgoing security chief, spearheaded the response to the hack last year, a spokesman told Bloomberg. Sullivan, a onetime federal prosecutor who joined Uber in 2015 from Facebook Inc., has been at the center of much of the decision-making that has come back to bite Uber this year.


Bloomberg reported last month that the board commissioned an investigation into the activities of Sullivan’s security team. This project, conducted by an outside law firm, discovered the hack and the failure to disclose, Uber said.


No doubt regulators will also be asking tough questions about why they were not informed about the breach until this week, and class-action lawsuits... heeeere we come!


Uber says it has "not seen evidence of fraud or misuse tied to the incident." Let's hope that they are right, but it is highly unlikely that these records were deleted. It is practically certain that they have been, or will be, sold on the dark web. There are many ways that data could be abused by criminals without Uber ever becoming aware.

All organizations would be wise to remember this: SNAFUs are bad, but cover-ups can kill you. You can ask forgiveness for being hacked and handle your disclosure correctly, but many people will find it harder to forgive if you deliberately covered up the truth.

Check Your Home Network

Computer Culture Admin - Thursday, November 16, 2017
Bitdefender, the home version of our managed antivirus, has developed a home network scanner so you can check for any dodgy devices on your network; it’s available as a free download.

Bitdefender Home Scanner lets you see all devices connected to your home network. You get an alert every time an unknown device connects to your wi-fi, which means you can instantly boot out freeloaders and prevent connection slowdowns.

Home Scanner looks for weak passwords, as well as vulnerable or poorly encrypted communications. It correlates the information gathered from your connected devices with online vulnerability databases and gives you a thorough report so you can ensure maximum security for your network.

For more information go to Bitdefender’s website here.

How to Remove Cookies

Computer Culture Admin - Thursday, November 16, 2017
On a PC or mobile device cookies can compromise your privacy, and fill up your storage. If you’re concerned about what websites are leaving behind, and how advertisers are accessing that data, here are some instructions on how to clear cookies from the latest version of your favourite web browser.

So what are cookies?
Cookies are small text files written by a web browser that contain information about your interaction with one specific site. They include information such as what you put into a virtual shopping cart, your username for logging into the site (not the password), products you viewed during your last visit, and any other information that could be used to tailor the visit just for your needs.

Typically, cookies pose no threat to your computer. But many cookies can compromise your privacy. That’s because advertising companies are prone to embedding cookies with web advertisements, allowing them to easily track your browsing history, and tailor ads toward your individual habits across multiple sites.

Cookies don’t take up much space on your hard drive. In fact, they’re extremely small, and should only be a concern for mobile devices with small amounts of storage. For instance, even without clearing the cookies in Chrome on PC for many, many months, we’ve only accumulated around 4MB worth of cookies. In short, the space they use isn’t the problem; it’s the privacy risks that are difficult to ignore.

Google Chrome
Google Chrome lets you easily delete cookies, control browsing data, and specify what sort of files Google Chrome should accept or block. Here’s how:

Access content settings: Click on the “Menu” tab in the upper-right corner, and select “Settings.” Once the new tab opens, scroll to the bottom of the page and click on “Advanced.” This will expand the “Settings” page to include additional options.

The first expanded window you should see is the “Privacy and security” panel. Next, click on “Content settings,” and then select “Cookies.”

You may also simply type “chrome://settings/content/cookies” into your address bar, and Chrome will take you to your intended destination.

Cookie juggling: On the “Cookies” panel, you will see three toggles: allow sites to save and read cookie data (recommended), keep local data only until you exit Chrome, and block third-party cookies. This third option means advertisements won’t be able to read cookie data provided by a parent website, preventing them from using that information across multiple sites.

Smashing cookies: Google also provides options to block specific sites from leaving cookies, to allow specific sites to leave cookies, and to clear cookies left behind by specific websites when exiting Chrome. If you want to delete it all, click on the “Remove All” button, and you will be cookie-free. You can delete cookies individually, too.

For Android, iOS: Access Chrome’s menu, go to “Settings,” and then find the “Privacy” tab under “Advanced” settings. From there, select “Clear Browsing Data” at the bottom, and check “Clear cookies and site data.” There are also options for clearing your browser history, and removing space-eating cached images and files.

Mozilla Firefox
Access custom settings: Click on the “Menu” three-lined icon in the top-right corner. In the drop-down menu, select “Options,” which will open a new “Preferences” tab. On this page, select “Privacy” listed on the menu to the left, and then head to the “History” section. Here you will need to choose “Use custom settings for history” in the drop-down menu located next to “Firefox will…”

Cookie juggling: With the advanced history settings enabled, you should see an option to toggle on/off “Accept cookies from sites.” To the right, Mozilla provides an “Exceptions” button where you can control the cookie flow. These include blocking or allowing cookies from specific sites, and allowing a cookie from a specific site for only one browsing session. This is done by inserting the address of the website.

Next, you have the ability to accept or deny third-party cookies, or accept third-party cookies from sites you already visited.

Smashing cookies: To manually delete cookies in Firefox, you’ll need to hit the “Show Cookies” button. A window appears with a search field for locating a specific cookie, and a list of all cookies stored on your device. You can hit the “Remove Selected” button to delete a highlighted cookie, or hit the “Remove All” button to delete all the cookies.

Firefox (iOS): Tap the New Tab button (top right, with the number in it). Now tap the cog button in the top left of the screen. Scroll down to “Clear private data.” On the next screen, make sure “Cookies” is selected, then tap “Clear Private Data.”
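The "block third-party cookies" option described for Chrome and Firefox above is worth seeing in action. The following simulation is an added example, not code from the original post: it models a toy browser cookie jar in which each cookie is stored under the host that set it, and shows that an ad server embedded on two unrelated sites can recognise the same visitor on both unless third-party cookies are blocked. All host names and cookie values are constructed for the example, and the site-equality rule is a simplification of what real browsers do with the public-suffix list.

```python
"""First- vs third-party cookie handling, as a toy simulation.

Added example, not part of the original post. A host is 'third-party'
when it is not the top-level site the user is visiting (or a subdomain
of it). With block_third_party on, such a host may neither set nor read
cookies, so it cannot carry an identifier from one site to another.
"""
from dataclasses import dataclass, field


@dataclass
class CookieJar:
    block_third_party: bool = False
    # {cookie_host: {cookie_name: value}}
    store: dict = field(default_factory=dict)

    def _is_third_party(self, cookie_host: str, top_site: str) -> bool:
        # Simplified site check: real browsers consult the public-suffix list.
        same_site = cookie_host == top_site or cookie_host.endswith("." + top_site)
        return not same_site

    def set_cookie(self, cookie_host: str, top_site: str, name: str, value: str) -> bool:
        """Store a cookie sent by cookie_host while top_site is open.
        Returns False when the cookie was refused by policy."""
        if self.block_third_party and self._is_third_party(cookie_host, top_site):
            return False
        self.store.setdefault(cookie_host, {})[name] = value
        return True

    def cookies_for(self, cookie_host: str, top_site: str) -> dict:
        """Cookies the browser would attach to a request to cookie_host
        made while top_site is the page being viewed."""
        if self.block_third_party and self._is_third_party(cookie_host, top_site):
            return {}
        return dict(self.store.get(cookie_host, {}))


def cross_site_tracking_possible(block_third_party: bool) -> bool:
    """Visit two unrelated sites that both embed the same (constructed)
    ad server and report whether the ad server sees the same id on both."""
    jar = CookieJar(block_third_party=block_third_party)
    # On news.example the embedded ad server tries to set a tracking id.
    jar.set_cookie("ads.example", "news.example", "uid", "visitor-42")
    # The site's own cookie is first-party and is stored either way.
    jar.set_cookie("news.example", "news.example", "session", "abc")
    # Later the user visits shop.example, which embeds the same ad server.
    seen_on_shop = jar.cookies_for("ads.example", "shop.example")
    return seen_on_shop.get("uid") == "visitor-42"


if __name__ == "__main__":
    print("tracking possible with default settings:", cross_site_tracking_possible(False))
    print("tracking possible with third-party blocked:", cross_site_tracking_possible(True))
```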

What is a Firewall?

Computer Culture Admin - Thursday, October 19, 2017
By Brandon Butler – Senior Editor, Network World

Firewalls act as a perimeter defence tool that monitors traffic and either allows it or blocks it. Over the years the functionality of firewalls has increased, and now most firewalls can not only block a set of known threats and enforce advanced access control list policies, but can also deeply inspect individual packets of traffic and test them to determine if they’re safe. Most firewalls are deployed as network hardware that processes traffic plus software that allows end users to configure and manage the system. Increasingly, software-only versions of firewalls are being deployed in highly virtualized environments to enforce policies on segmented networks or in the IaaS public cloud.

Types of firewalls

Advancements in firewall technology have created new options for firewall deployments over the past decade, so there are now a handful of options for end users looking to deploy a firewall. These include:

Stateful firewalls – When firewalls were first created they were stateless, meaning that the hardware the traffic traversed inspected each packet of network traffic individually and blocked or allowed it in isolation. Beginning in the mid to late 1990s, the first major advancement in firewalls was the introduction of state. Stateful firewalls examine traffic in a wider context, taking into account the operating state and characteristics of the network connection. Maintaining this state allows the firewall to admit certain traffic for certain users while blocking the same traffic for other users, for example.

Next-generation firewalls – Over the years firewalls have added a myriad of new features, including deep packet inspection, intrusion detection and prevention and inspection of encrypted traffic. Next-generation firewalls (NGFWs) refer to firewalls that have integrated many of these advanced features into the firewall.

Proxy-based firewalls – These firewalls act as a gateway between end users who request data and the source of that data. All traffic is filtered through this proxy before being passed on to the end user. This protects the client from exposure to threats by masking the identity of the original requester of the information.

Web application firewalls – These firewalls sit in front of specific applications as opposed to sitting on an entry or exit point of a broader network. Whereas proxy-based firewalls are typically thought of as protecting end-user clients, WAFs are typically thought of as protecting the application servers.
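The difference between the stateless and stateful filtering described above is easiest to see with concrete traffic. The simulation below is an added example, not code from the original article: it applies the same policy (inside may open connections outward, outside may not open connections inward) with a stateless filter that sees one packet at a time and with a stateful filter that remembers which connections it saw leave. All addresses are constructed from private and documentation ranges.

```python
"""Stateless versus stateful packet filtering, as a toy simulation.

Added example, not part of the original article. A packet is described by
its addresses, ports and direction. The stateless filter judges each packet
in isolation, so to let HTTPS replies in it needs a blanket rule keyed on
header fields alone, which also admits unsolicited packets that merely look
like replies. The stateful filter admits an inbound packet only when it is
the reverse of a connection an internal host opened.
"""
from collections import namedtuple

Packet = namedtuple("Packet", "src_ip src_port dst_ip dst_port direction")

INTERNAL_PREFIX = "10.0.0."  # constructed internal network


def stateless_decide(pkt):
    """Allow or block using only the fields of this one packet."""
    if pkt.direction == "out" and pkt.src_ip.startswith(INTERNAL_PREFIX):
        return True
    # Without state, the only way to admit HTTPS replies is a rule such as
    # 'allow inbound packets whose source port is 443', whether or not
    # anyone inside asked for them.
    return pkt.direction == "in" and pkt.src_port == 443


class StatefulFilter:
    """Tracks outbound connections and admits only their return traffic."""

    def __init__(self):
        self.connections = set()  # (client_ip, client_port, server_ip, server_port)

    def decide(self, pkt):
        if pkt.direction == "out" and pkt.src_ip.startswith(INTERNAL_PREFIX):
            self.connections.add((pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port))
            return True
        if pkt.direction == "in":
            # Inbound is allowed only as the reverse of a connection we saw leave.
            return (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port) in self.connections
        return False


# Constructed traffic: an internal client opens HTTPS to a web server, the
# server replies, and an unrelated host sends an unsolicited packet to the
# client's RDP port that happens to carry source port 443.
REQUEST = Packet("10.0.0.5", 51000, "203.0.113.10", 443, "out")
REPLY = Packet("203.0.113.10", 443, "10.0.0.5", 51000, "in")
UNSOLICITED = Packet("198.51.100.7", 443, "10.0.0.5", 3389, "in")
TRAFFIC = [REQUEST, REPLY, UNSOLICITED]


def stateless_decisions():
    """Decisions for TRAFFIC under the stateless filter."""
    return [stateless_decide(p) for p in TRAFFIC]


def stateful_decisions():
    """Decisions for TRAFFIC under a fresh stateful filter."""
    fw = StatefulFilter()
    return [fw.decide(p) for p in TRAFFIC]


if __name__ == "__main__":
    names = ("request", "reply", "unsolicited")
    for name, s1, s2 in zip(names, stateless_decisions(), stateful_decisions()):
        print(f"{name:12s} stateless={'allow' if s1 else 'block':5s} "
              f"stateful={'allow' if s2 else 'block'}")
```

The stateless filter admits the unsolicited packet along with the genuine reply; the stateful filter admits the reply and blocks the unsolicited packet.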

Firewall hardware

Firewall hardware is typically a straightforward server that can act as a router for filtering traffic and running firewall software. These devices are placed at the edge of a corporate network, between a router and the Internet service provider’s connection point. A typical enterprise may deploy dozens of physical firewalls throughout a data center. Users need to determine what throughput capacity they need the firewall to support based on the size of the user base and speed of the Internet connection.

Firewall software

Typically end users deploy multiple firewall hardware endpoints and a central firewall software system to manage the deployment. This central system is where policies and features are configured, where analysis can be done and threats can be responded to.

Inside a next-generation firewall

Modern firewalls are a collection of features. These include:

-Stateful inspection: This is the basic firewall functionality in which the device blocks known unwanted traffic.

-Anti-virus: The functionality that searches for known viruses and vulnerabilities in network traffic; it relies on the firewall receiving updates on the latest threats so that it is constantly updated to protect against them.

-Intrusion Prevention Systems (IPS): This class of security products can be deployed as a standalone product, but IPS functionality is increasingly being integrated into NGFWs. Whereas basic firewall technologies identify and block certain types of network traffic, IPS uses more granular security measures such as signature tracing and anomaly detection to prevent unwanted threats from entering corporate networks. IPS systems have replaced the previous version of this technology, Intrusion Detection Systems (IDS) which focused more on identifying threats rather than containing them.

-Deep Packet Inspection (DPI): DPI can be part of or used in conjunction with an IPS, but it’s nonetheless become an important feature of NGFWs because of its ability to provide granular analysis of traffic, most specifically the headers and payloads of traffic packets. DPI can also be used to monitor outbound traffic to ensure sensitive information is not leaving corporate networks, a technology referred to as Data Loss Prevention (DLP).

-SSL Inspection: Secure Sockets Layer (SSL) Inspection is the idea of inspecting encrypted traffic to test for threats. As more and more traffic is encrypted, SSL Inspection is becoming an important component of the DPI technology being implemented in NGFWs. SSL Inspection acts as a buffer that decrypts the traffic and tests it before it’s delivered to the final destination.

-Sandboxing: This is one of the newer features being rolled into NGFWs and refers to the ability of a firewall to take certain unknown traffic or code and run it in a test environment to determine if it is nefarious.

Billions of devices at risk as Bluetooth-borne vulnerability exposed

Computer Culture Admin - Thursday, September 28, 2017
A Bluetooth vulnerability dubbed BlueBorne, discovered in April 2017, has been made public after companies including Google and Microsoft issued updates.

US-headquartered security company Armis Labs revealed the vulnerability on 12 September 2017.

BlueBorne is an attack vector through which hackers can potentially use Bluetooth connections to access devices including computers, mobile phones and IoT devices.

Such an attack would not require the targeted device to be paired to the attacker’s device, or even to be set on discoverable mode. Armis Labs has identified eight zero-day vulnerabilities so far, which indicate the existence and potential of the attack vector.

Armis Labs estimates that more than 8 billion devices could be at risk. The vulnerabilities affect all devices running Android, Linux, Windows and versions of iOS before 10, regardless of the Bluetooth version in use.

All iPhone, iPad and iPod touch devices with iOS 9.3.5 and lower, and AppleTV devices with version 7.2.2 and lower are affected by the remote code execution vulnerability.

BlueBorne’s difference to other types of attack vectors is the fact that it spreads through the air, which according to Armis, allows it to spread with minimum effort.

The other major concern is that traditional security measures do not protect from this type of threat. Also, no action from a user is necessary to trigger the attack.

On 19 April, Armis Labs contacted Google and Microsoft about the vulnerability. Google released a public security update and security bulletin on 4 September.

Microsoft had already issued updates on 11 July.

Apple was contacted in August but it had no vulnerability in its current versions. Samsung was contacted on three separate occasions and did not respond to the security company.

Linux was also contacted in August; information was provided to the Linux kernel security team and to the Linux distributions security contact list.

For the original article click here.

Identifying Phishing Emails

Computer Culture Admin - Thursday, September 28, 2017
With the increasing use of phishing emails, we’d like to draw your attention to how to identify whether the email links you are being asked to click are legitimate. This is done by hovering your cursor / pointer over the link and revealing the domain or destination to which you will be sent. If you look at the final part of the domain before the forward slash (/) you can determine whether you think this link is from the organization referred to in the email. In the example below .cenotehopping makes little sense and indicates the link is not authentic.

If there is a string of cryptic numbers or an .exe file, do not click on the link. Ring the organisation who has sent you the email and verify that the email is legitimate. As always it is better to be cautious than caught out.

Microsoft offers this information on recognising phishing email messages, links, or phone calls.
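The hover-and-compare test above can be written down as a check. The script below is an added example, not from the original post or from Microsoft: given the domain you expect the organisation to use and the URL actually behind a link, it reports whether the part of the host just before the first slash matches, whether the host is a bare string of numbers (an IP address), and whether the link points at an executable. The registrable-domain rule is a deliberate simplification (the last two labels, or three when the middle one is a common second-level label such as "co"); real tools use the Public Suffix List. The domains used are constructed, including the ".cenotehopping" pattern from the post.

```python
"""Link checks for the phishing test described above.

Added example, not part of the original post. check_link() returns the
reasons a link looks suspect; an empty list means it passed the three
checks from the post (domain matches, not a bare IP, not an executable).
"""
import ipaddress
from urllib.parse import urlsplit

# Simplification of the Public Suffix List used by real tools.
COMMON_SECOND_LEVEL = {"co", "com", "org", "net", "ac", "gov"}
EXECUTABLE_SUFFIXES = (".exe", ".scr", ".bat", ".com", ".jar", ".js")


def registrable_domain(host: str) -> str:
    """The labels just before the first '/', i.e. the part the post says to read.
    'www.bigbank.co.nz' -> 'bigbank.co.nz'
    'www.bigbank.co.nz.cenotehopping' -> 'nz.cenotehopping'"""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and labels[-2] in COMMON_SECOND_LEVEL:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def is_ip_literal(host: str) -> bool:
    """True for a 'string of cryptic numbers' such as 203.0.113.10."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def check_link(expected_domain: str, url: str) -> list:
    """Compare the link's real destination with the organisation's domain."""
    # Links in mail bodies sometimes omit the scheme; urlsplit needs one.
    parts = urlsplit(url if "://" in url else "http://" + url)
    host = parts.hostname or ""
    if not host:
        return ["link has no host"]
    reasons = []
    if is_ip_literal(host):
        reasons.append("host is a bare IP address, not the organisation's name")
    elif registrable_domain(host) != registrable_domain(expected_domain):
        reasons.append(f"link goes to {registrable_domain(host)!r}, "
                       f"not {expected_domain!r}")
    if parts.path.lower().endswith(EXECUTABLE_SUFFIXES):
        reasons.append("link points at an executable file")
    return reasons


if __name__ == "__main__":
    # Constructed sample links; 'bigbank.co.nz' stands in for a real organisation.
    samples = [
        "https://www.bigbank.co.nz/login",
        "http://www.bigbank.co.nz.cenotehopping/login",
        "http://203.0.113.10/invoice.exe",
    ]
    for url in samples:
        print(url, "->", check_link("bigbank.co.nz", url) or ["looks legitimate"])
```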

Bitdefender has been selected as Editors’ Choice by PC Magazine

Computer Culture Admin - Thursday, September 28, 2017
PCMAG.COM, Neil J. Rubenking – Editors’ Choice

Pros
Excellent scores in antivirus lab tests and our own tests. Autopilot mode for no-hassle protection. Best antiphishing score. New ransomware protection. Enhanced password manager. Secure browser. Vulnerability scan.

Cons
Password manager's form-fill ability proved inaccurate in testing.

Bottom Line
Editors' Choice winner Bitdefender Antivirus Plus earns top scores in lab tests and our own tests, and also packs in a wealth of useful bonus features.

The line dividing a simple antivirus utility from a full security suite isn't always clear. Take Bitdefender Antivirus Plus, for example. In addition to every feature you'd expect in an antivirus, it includes a password manager, a hardened browser, a secure deletion utility, a scan for system vulnerabilities, protection against ransomware attacks, and more. However, it doesn't offer a firewall, spam filtering, or parental control, among other features you get with Bitdefender's actual suite products. It's an antivirus, with benefits, and it remains an excellent choice if you're seeking malware protection.

Installation and Appearance
As with many modern security utilities, installation of Bitdefender involves going through your online account. Log into Bitdefender Central, enter your product key, and download protection. During the installation process, it runs a quick scan for active malware.

The product's appearance hasn't changed much since the previous edition, still featuring mostly white text against a dark gray background. A left-rail menu offers access to features: Protection, Privacy, Tools, Activity, Notifications, Account, Settings, and Support. The status panel displays a red warning if your configuration settings put the system at risk. Putting the system back in Autopilot mode should solve such problems, and if you leave Autopilot on, you should always see Protected in green as your status. Autopilot has been a Bitdefender staple for quite a few years now. In this mode, the antivirus takes care of business with an absolute minimum of fuss. It quietly wipes out any malware it finds. It updates itself as needed. If it really wants to communicate with you, it displays a number on the Notifications icon.

Bitdefender Antivirus Plus Main Window
From the Protection and Privacy tabs, you can click to view feature details. Here, you'll begin to realize how this feature-rich antivirus differs from Bitdefender's security suite products. On the Protection Features page, you see that firewall and antispam protection require an upgrade. Under Privacy Features, file encryption, webcam protection, and parental advisor all require an upgrade. The Tools page, furthermore, is filled entirely with features that are only present in Bitdefender's top-of-the-line suite.

Fantastic Lab Scores
Each of the independent antivirus testing labs takes its own approach to testing and scoring antivirus products. The more labs that include a product in testing, the more complete a picture I can get by looking at all their results. I follow five labs, and all five of them include Bitdefender. That's an honor not accorded to many. Of the companies I track, the only others covered by all five labs are Avast, AVG, ESET, and Kaspersky Anti-Virus.

SE Labs attempts to emulate real-world situations as closely as possible in testing, by capturing real malicious websites and using a playback system to hit each product with the exact same attack. This lab offers certification at five levels: AAA, AA, A, B, and C. Bitdefender took the top certification, AAA, along with quite a few others.

Out of the many tests regularly performed by AV-Comparatives, I track results of four. This lab certifies a product at the Standard level provided that it achieves a passing grade. Those that do better, or much better, than the minimum can earn certification at the Advanced or Advanced+ level. Out of four tests, Bitdefender earned four Advanced+ ratings.

Most of the tests that I follow return a numeric result or a rating level. Tests by MRG-Effitas don't do that. A product either turns in a near-perfect performance or it fails, and many do fail. Bitdefender passed this lab's banking malware test. In the general malware test it received Level 2 certification, which means that while it did not completely prevent every malware attack, it did remediate all attacks within 24 hours.

For the full article click here.

CEO Fraud Attacks Were Far More Lucrative Than Ransomware Over the Past 3 Years

Computer Culture Admin - Thursday, August 24, 2017
Cisco's midyear report released this week showed that CEO fraud netted cybercrime five times more money than ransomware over the last three years.

The surprising highlight of Cisco's ninety-page report was that cybercrime made 5.3 billion from CEO fraud attacks, called business email compromise (BEC) by the FBI, compared with a "mere" 1 billion for ransomware over a three-year stretch.

Ransomware takes time to develop and extensively test before any Bitcoin comes into the wallet, compared to doing a quick bit of research on LinkedIn and crafting a spoofed spear-phishing attack. CEO fraud simply is faster to pull off. Moreover, your run-of-the-mill spray-and-pray ransomware attacks are often lower-dollar numbers.

Schooling Users on CEO Fraud and Ransomware

Cisco says targeted cybersecurity education for employees can help prevent users from falling for CEO fraud and ransomware attacks. The finance department could especially benefit from security training on phishing campaigns, so that when a bogus email purporting to come from the CEO and asking for a funds transfer arrives, it can be detected.

Regular software patching is also crucial. When spam-laden malware hits or ransomware attacks like WannaCry surface, the impact can be minimised. "People focus on new technology, but forget about patching and maintaining the infrastructure."

A balanced defensive and offensive posture is required, not just with firewalls and antivirus, but also including measures to hunt down possible attacks through data collection and analysis.

Spyware Makes a Comeback

Cisco found that in the first half of this year, attackers altered their methods of delivering, hiding, and evading their malicious packages and techniques.

File-less malware is popping up, according to the report: it lives in memory and disappears when a device reboots, which makes it more difficult to detect and to investigate.

Additionally, attackers are also making use of anonymised and decentralised infrastructures, to hide command and control activities.

Meanwhile, three families of spyware ran rampant, affecting more than 20% of the 300 companies in the report sample.

Ironically, many organisations underestimate or virtually dismiss spyware. "Spyware is being disguised as adware and adware, unlike spyware, does not create damages for a company," says Cisco. The report adds that attackers are injecting spyware and other forms of malware into adware, since adware is a low priority for security teams.

‘Destruction of Service’ Attack Threat

The report also highlights the dangers of Destruction of Service (DeOS) attacks, epitomised by the likes of WannaCry and NotPetya which were both much more destructive than traditional ransomware. According to Cisco, these types of attacks have the strength to eliminate organisations’ data backups and leave them unable to recover.

Cost of Downtime Not Calculated

The one thing related to ransomware that was not considered was the amount of damage caused by downtime, with workstations and servers not up and running. If you factor that in, ransomware is probably as damaging as CEO fraud, or even more so.

New Type of WhatsApp Phishing Attack

Computer Culture Admin - Thursday, August 24, 2017
Heads-up. There is a new social engineering attack currently being tested in Europe, which means we may see it in the rest of the world very soon.

The bad guys are using malicious WhatsApp ads, which offer a 250-dollar coupon for a well-known retailer in exchange for a short survey. The invite looks like it comes from a friend on WhatsApp. A similar strain installs malware on the phone that looks like a software update but steals all the contacts, phone numbers and email addresses - and, if it can find any, passwords and banking credentials.

There are different ways to monetise all this phishing data, and it looks like the bad guys have got that down too, from selling the stolen credentials to using the malware to go viral to all the contacts on the phone.

The large retailers have reported hundreds of these attacks to Europe's federal Cyber Crime Unit.
