Blog

A hacker gang claims to be selling data on 70 million AT&T customers, including individual call records and account PIN codes. The alleged AT&T data was posted for sale on the dark web last week by an entity known as “Gnosticplayers.” An advertisement for the stolen data states that it comes in two parts—a smaller one with basic subscriber information such as customer names, addresses, e-mail addresses, account numbers, and payment information; and a bigger one that includes more detailed records of phone calls.  


AT&T confirmed to Motherboard on Friday that the data is real. “We’re aware of the situation and we’ve notified law enforcement,” an AT&T spokesperson said in a brief statement.


The account PIN codes mentioned in the advertisement refer to those used for some corporate accounts, according to Motherboard’s anonymous sources. It’s not clear what these numbers would allow attackers to do with stolen corporate accounts, but it may go beyond just hijacking calls and messages: AT&T reportedly uses them as security tokens for other services such as email and VPN access.


AT&T has been notified of the hacked data and told Motherboard it’s working on a statement, which will be added once available. For now, anyone who thinks they might have an AT&T account should read this post by security expert Brian Krebs on how to protect yourself.


While data breaches are unfortunately common, the claimed 70 million AT&T records make it one of the biggest in recent years. Earlier this year, credit reporting agency Equifax admitted that hackers stole the personal details (including names and social security numbers) on 143 million US customers—almost half of all Americans. It later revised the number up to 145.5 million people.




Source: https://www.pcmag.com/news/361399/hacker-gang-claims-to-be-selling-data-on-70m-att-customers


Blog

A new vishing (voice phishing) attack is scamming victims by scaring them with fake Microsoft Defender invoices in an attempt to take over control of their computers.


The campaign was first detected by security researcher Barak Tawily, who shared his findings Thursday via a blog post and on Twitter:


“Scam alert: vishing-scammers spoofed Microsoft’s ‘Microsoft Defender’ and send voice messages pretending to be bills,” he wrote on Twitter.


Tawily said the vishing scam begins with a phone call that offers “Microsoft support.” Victims are then persuaded into opening remote desktop connections so the scammers can access their PCs. From there, malware is downloaded, meaning criminals could potentially lock down devices and demand a ransom in return for a decryption key.


Tawily said vishing scammers have been using similar tactics in recent weeks to target Chrome and Firefox users. Reports indicate that victims are receiving automated messages telling them their browsers are infected with the Dvmap malware, claiming it must be removed immediately or else data will be encrypted and held for ransom (i.e., “we will block your browser”). The messages claim that support is available via vishing, which encourages people to call numbers listed in Florida and Texas.


It’s unclear if the vishing scam described by Tawily is related to the Dvmap malware attack, but vishing continues to gain momentum as a top method of cybercrime: Earlier this year, security specialist Symantec said vishing attacks are surging in popularity among extortionists, including the infamous Business Email Compromise (BEC) vishing scam.


The latest vishing campaign discovered by Tawily uses a “voice message pretending to be a bill,” he told ZDNet via Twitter.


“It has been observed over the last few days that vishing-scammers spoofed Microsoft’s ‘Microsoft Defender’ and send voice messages pretending to be bills,” Tawily wrote in his post. “This is not an automated attack but humans doing vishing.”


Tawily also posted two audio samples of the vishing attack, which use Microsoft support numbers listed in Texas and New Mexico. Both recordings say visitors are subject to a $100 fee before the vishing attack will stop.


“We are very sorry, but there seems to be some kind of technical problem with your device,” the vishing message states. “To solve this issue, we’ve detected that you need troubleshooting assistance from our Microsoft support team. You can call on (866) 576-1810 x99 to fix the error.”


The vishing scam is similar in nature to another vishing campaign reported by BleepingComputer earlier today, which claims victims must pay an immediate $200 fine or risk having their social security number blocked for life. The vishing scheme uses phone numbers listed in Texas and Washington state, according to BleepingComputer’s Lawrence Abrams.


Tech support vishing scams are extremely common, and vishing attacks often use scare tactics to convince victims to give up personal information. A vishing attack, for example, might inform users that their system is infected with ransomware; if people call the phone number listed in the vishing message, attackers will instruct them on how to pay the ransom (and pocket victims’ money).


Another vishing scam that made headlines last week told Chrome users their browsers were infected with malware and asked people to call a Google-listed phone number to receive assistance. Once called, however, criminals locked devices down so they could demand a ransom in return for a decryption key.


Technology news site BleepingComputer has published several vishing awareness guides over the past year. If you need help with cybersecurity contact MicroPac today to schedule a consultation.


Blog

Cyberattacks are on the rise. For some time, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has been warning about the risks in using a VPN for personal cybersecurity purposes; they’ve now released guidance on how best to harden your virtual private network solutions so you can stay safe online!


The two agencies have created a report to help organizations defend themselves against attacks from nation-state adversaries. These are the kinds of hackers that can take advantage when you use an encrypted VPN system because they’ll be able to execute code on your computer or read sensitive data without any protection whatsoever!


“Multiple nation-state advanced persistent threat (APT) actors have weaponized common vulnerabilities and exposures (CVEs) to gain access to vulnerable VPN devices,” the U.S. National Security Agency


It’s important for organizations to have a plan in place when it comes to patching known vulnerabilities. Organizations should also choose products from reputable vendors with an active history of quickly acting on patches, since we know that some attackers will exploit these holes as soon as they’re found by looking at how often hackers use them themselves.


The two agencies recommend users improve VPN security and reduce their server’s attack surface by:

  1. Configuring strong cryptography and authentication

  2. Running only strictly necessary features

  3. Protecting and monitoring access to and from the VPN


With the rise of state-sponsored hackers, it is more important than ever to ensure your data stays secure and you are protecting . VPN vulnerabilities have been used recently by both financially motivated and backed assailants in an effort to penetrate networks belonging not only to private companies but also to defense firms all over Europe, with a goal of gaining access for financial gain or geopolitical advantage on behalf of their countries.


This year in April, cybersecurity company FireEye published a report about two state-backed groups who used an unknown vulnerability to compromise the Pulse Connect Secure (PCS) VPN appliance. 


The National Security Agency (NSA) has warned that Russian hackers are exploiting security flaws in certain firewalls and VPN providers. The NSA also reported this information to Congress around the same time, warning them about potential cyber attacks by these foreign agents who have been going under names like “APT29”, Cozy Bear or even just ‘The Dukes’.


Ransomware gangs are not only targeting computers and mobile devices. They’re also interested in network access, as evidenced by seven attacks on VPN solutions from Fortinet, Ivanti (Pulse), and SonicWall. At least 7 operations exploiting flaws in these products have been reported since 2017, including two that successfully encrypted user data within the organization’s firewall perimeter.


If you need help with cybersecurity contact MicroPac today!


Blog

In an exciting announcement, Microsoft announced that they are rolling out passwordless login support over the coming weeks. This means customers will be able to sign in with their regular account and not have a password requirement!


This new feature will be particularly useful for those who can’t or don’t want to remember their credentials due to ease of use and security concerns. The company first allowed commercial customers access earlier this year when they reported that during 2020 alone there were 150 million users logging into Azure AD/MSA & MC licenses via federated authentication with no need for passwords!


Starting today, you can finally stop typing your password. In order to log into their Microsoft accounts, users can choose from a variety of different options including the app called “Microsoft Authenticator”, Windows Hello (a form of biometric authentication), security key or verification codes that are sent by mail.


“This feature will help to protect your Microsoft account from identity attacks like phishing while providing even easier access to the best apps and services like Microsoft 365, Microsoft Teams, Outlook, OneDrive, Family Safety, Microsoft Edge and more,” said Liat Ben-Zur, Microsoft Corporate Vice President.


The Microsoft Corporate Vice President for Security, Compliance and Identity, Vasu Jakkal, added that threat actors use weak passwords as the initial attack vector in most attacks. The company detects 579 password breaches every second with 18 billion incidents each year, a number which is growing rapidly!


“One of our recent surveys found that 15 percent of people use their pets’ names for password inspiration. Other common answers included family names and important dates like birthdays,” Jakkal said.


“We also found 1 in 10 people admitted reusing passwords across sites, and 40 percent say they’ve used a formula for their passwords, like Fall2021, which eventually becomes Winter2021 or Spring2022.”


How to go passwordless


To log in to your Microsoft account without a password, install the Microsoft Authenticator app and link it to your personal Microsoft account.


Then go to your Microsoft account page, sign in, and turn on the ‘Passwordless Account’ option under Advanced Security Options > Additional Security Options.


Last, follow the on-screen prompts and approve the notification displayed by the Authenticator app.


“Passwordless solutions such as Windows Hello, the Microsoft Authenticator app, SMS or Email codes, and physical security keys provide a more secure and convenient sign-in method,” Microsoft explains.


“While passwords can be guessed, stolen, or phished, only you can provide fingerprint authentication, or provide the right response on your mobile at the right time.”


If you need assistance with cybersecurity call Micropac today!

 

Source: Microsoft


Blog

SonicWall has released an “urgent security notice” highlighting a critical risk of imminent ransomware attacks targeting unpatched end-of-life (EoL) Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) products.


“Through the course of collaboration with trusted third parties, SonicWall has been made aware of threat actors actively targeting Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) products running unpatched and end-of-life (EOL) 8.x firmware in an imminent ransomware campaign using stolen credentials,” the company said.


SonicWall has said that the attacks target a known vulnerability patched in newer versions of firmware, and they do not impact SMA 1000 series products.

“Organizations that fail to take appropriate actions to mitigate these vulnerabilities on their SRA and SMA 100 series products are at imminent risk of a targeted ransomware attack,” SonicWall warns.


Either disconnect or update affected devices


Businesses still utilizing EoL SMA and/or SRA devices with 8.x firmware are urged to update the firmware immediately or disconnect the appliances as soon as possible to fend off the critical risk of ransomware attacks.


Customers using actively supported SMA 210/410/500v devices with the vulnerable 8.x firmware targeted in these attacks are also advised to immediately update to the latest version, which mitigates vulnerabilities discovered in early 2021.


“As additional mitigation, you should also immediately reset all credentials associated with your SMA or SRA device, as well as any other devices or systems using the same credentials,” SonicWall adds. “As always, we strongly recommend enabling multifactor authentication (MFA).”

Depending on the product they use, SonicWall recommends organizations to:

  • SRA 4600/1600 (EOL 2019): Disconnect immediately; reset passwords
  • SRA 4200/1200 (EOL 2016): Disconnect immediately; reset passwords
  • SSL-VPN 200/2000/400 (EOL 2013/2014): Disconnect immediately; reset passwords
  • SMA 400/200 (Still Supported, in Limited Retirement Mode): Update to 10.2.0.7-34 or 9.0.0.10 immediately; reset passwords; enable MFA
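
An added example, not part of SonicWall's notice or the original post: a triage script that applies the product list above to an appliance inventory. The inventory rows, host names and `sv`-suffixed firmware strings are constructed, and flagging any 9.x or 10.x build below the listed one on SMA 400/200 is an assumption about how to read the recommendation.

```python
import csv
import io
import re

# Product groups and fixed builds transcribed from the list above.
EOL_MODELS = {"SRA 4600", "SRA 1600", "SRA 4200", "SRA 1200",
              "SSL-VPN 200", "SSL-VPN 2000", "SSL-VPN 400"}
SMA_RETIRING = {"SMA 400", "SMA 200"}
SMA_CURRENT = {"SMA 210", "SMA 410", "SMA 500v"}
FIXED_BUILDS = {9: (9, 0, 0, 10), 10: (10, 2, 0, 7, 34)}

DISCONNECT = "disconnect immediately; reset passwords"
UPDATE_FIXED = "update to 10.2.0.7-34 or 9.0.0.10; reset passwords; enable MFA"
UPDATE_LATEST = "update to latest firmware; reset credentials; enable MFA"
OK = "at or above listed build"
REVIEW = "not covered by the notice; review manually"

def parse_version(fw):
    """'10.2.0.7-34sv' -> (10, 2, 0, 7, 34); non-numeric suffixes are ignored."""
    return tuple(int(n) for n in re.findall(r"\d+", fw))

def triage(model, firmware):
    if model in EOL_MODELS:          # end-of-life: firmware version is irrelevant
        return DISCONNECT
    v = parse_version(firmware)
    if not v or model not in SMA_RETIRING | SMA_CURRENT:
        return REVIEW
    if v[0] == 8:                    # the 8.x branch is the one being targeted
        return UPDATE_FIXED if model in SMA_RETIRING else UPDATE_LATEST
    floor = FIXED_BUILDS.get(v[0])
    if model in SMA_RETIRING and floor:
        # Compare only the fields the listed build has; pad short strings with 0.
        v = (v + (0,) * len(floor))[:len(floor)]
        return UPDATE_FIXED if v < floor else OK
    return REVIEW

# Constructed inventory for illustration only.
SAMPLE_INVENTORY = """host,model,firmware
vpn-a,SRA 4600,8.0.0.4-25sv
vpn-b,SMA 400,9.0.0.9-26sv
vpn-c,SMA 200,10.2.0.7-34sv
vpn-d,SMA 410,8.0.0.4-25sv
"""

def triage_inventory(text):
    rows = csv.DictReader(io.StringIO(text))
    return {r["host"]: triage(r["model"].strip(), r["firmware"].strip()) for r in rows}

if __name__ == "__main__":
    for host, action in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{host}: {action}")
```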
