Blog

A hacker gang claims to be selling data on 70 million AT&T customers, including individual call records and account PIN codes. The alleged AT&T data was posted for sale on the dark web last week by an entity known as “Gnosticplayers.” An advertisement for the stolen data states that it comes in two parts—a smaller one with basic subscriber information such as customer names, addresses, e-mail addresses, account numbers, and payment information; and a bigger one that includes more detailed records of phone calls.  


AT&T confirmed to Motherboard on Friday that the data is real. “We’re aware of the situation and we’ve notified law enforcement,” an AT&T spokesperson said in a brief statement.


The account PIN codes mentioned in the advertisement refer to those used for some corporate accounts, according to Motherboard’s anonymous sources. It’s not clear what these numbers would allow attackers to do with stolen corporate accounts, but it may go beyond just hijacking calls and messages: AT&T reportedly uses them as security tokens for other services such as email and VPN access.


AT&T has been notified of the hacked data and told Motherboard it’s working on a statement, which will be added once available. For now, anyone who thinks they might have an AT&T account should read this post by security expert Brian Krebs on how to protect yourself.


While data breaches are unfortunately common, the claimed 70 million AT&T records make it one of the biggest in recent years. Earlier this year, credit reporting agency Equifax admitted that hackers stole the personal details (including names and social security numbers) on 143 million US customers—almost half of all Americans. It later revised the number up to 145.5 million people.




Source: https://www.pcmag.com/news/361399/hacker-gang-claims-to-be-selling-data-on-70m-att-customers


It’s a common problem that affects businesses of all shapes and sizes—cybersecurity attacks are rising faster than IT budgets can accommodate. All IT leaders face the challenge of addressing privacy concerns, protecting data, validating their IT spend and securing the fortress. As long as you don’t get hacked or sued, it seems the job is successful—but how do you define the true ROI of IT security?


In this 2021 paradigm, a few trends among IT leaders are emerging:


Metrics: Businesses are requiring more proof of spend. This means IT leaders are moving towards heavier analytics and reporting. How is the infrastructure measured in relation to its effectiveness towards compliance, business continuity and value in the business framework?


Cloud Spend: As more businesses move to cloud-based solutions to secure critical digital assets, they are also demanding that cloud providers demonstrate the efficacy and integrity of their security systems and controls. This has created a new market for AI-driven cloud optimization, which minimizes waste on overall spend.


Regulatory Compliance is Increasing: What began with the EU’s GDPR (public data and privacy protections) has expanded into many states passing their own laws. California, with its CCPA, and Vermont passed similar legislation protecting users and fining businesses for poor safety measures and identity disclosure. Many states are following, with privacy and protection laws in the initial drafting stages, hot on the heels of California’s legislative lead.


To avoid penalties (and customer attrition), businesses will need to demonstrate compliance with state, federal and sector-specific protections (like HIPAA and the Financial Privacy Act). Privacy-industry watchers also anticipate that leaders from areas of business not traditionally focused on cybersecurity, like finance and HR, will have more authority in their firm’s cybersecurity investments and spend.


If your business needs assistance with IT and cybersecurity best practices contact MicroPac today.


Patching is supposed to keep our data secure. However, bad patching may be giving businesses a false sense of security and giving hackers a field day. People live with the assumption that when a software vendor issues a security update to fix a vulnerability, the problem has been taken care of. Unfortunately, far too often, this simply isn’t true. In fact, insufficient research and a limited patching effort may lead to further security issues and other potential exploits hackers can easily take advantage of.

 

Research from Google’s Project Zero hacking team demonstrates that one in four zero-day exploits were related to previously patched vulnerabilities. The exploits could have been avoided with more thorough research and a more detailed patching process. This is good news and bad news. On a positive note, it highlights the many exploits that could be avoided by simply paying more attention to patching. The bad news is that there are still vulnerabilities out there that should have already been taken care of.

 

In some cases, after patches were implemented, attackers only needed to change a line or two of code to bypass the new security. Sloppy patching is too often focused on the symptom of an exploit, instead of a core vulnerability in the code. A more comprehensive approach to software security needs to be worked into the patching process to avoid temporary fixes that leave our data vulnerable.

If you need help with cybersecurity for your business contact Micropac today: https://bit.ly/35P3Nta


2021 is limping in weakly as software vulnerabilities continue to leave companies vulnerable to attack. Understaffed IT professionals are drowning in a sea of patching, reporting and pending attacks.

“Based on vulnerability data, the state of software security remains pretty dismal,” said Brian Martin, vice president of vulnerability intelligence, in the Risk Based Security Report (RBS).

“With the pandemic seeing a resurgence in most of the world, it is difficult to predict the exact influence COVID-19 will have on the vulnerability-disclosure landscape,” the RBS report concluded.

Before Covid, IT teams were already under tremendous pressure to keep up with patching due to what RBS has dubbed “vulnerability Fujiwara events.” The term “Fujiwara,” according to RBS researchers, describes the confluence of two hurricanes, which they liken to days like Jan. 14, April 14 and July 14 this last year, when 13 major vendors, including Microsoft and Oracle, all released patches at the same time. RBS said these three vulnerability Fujiwara events in 2020 put massive stress on security teams.

Another issue is major vendors’ regular Patch Tuesday events, which are starting to create a type of rolling Vulnerability Fujiwara Effect year-round, RBS added, since the number of patches for each of them has ramped up. With December 2020’s Patch Tuesday, for instance, Microsoft’s patch tally totals 1,250 for the year – well beyond 2019’s 840.

Sadly, Microsoft and Oracle lead the Top 50 vendors in the number of reported security vulnerabilities, according to the latest research from Comparitech.

“New software is being released at a faster rate than old software is being deprecated or discontinued,” Comparitech’s Paul Bischoff told Threatpost. “Given that, I think more software vulnerabilities are inevitable. Most of those vulnerabilities are identified and patched before they’re ever exploited in the wild, but more zero days are inevitable as well. Zero days are a much bigger concern than vulnerabilities in general.”


The biggest red flag in software security flaws has been attributed to third-party online software, according to Cyberpion, which has developed a tool to evaluate security holes in entire online ecosystems. Their research shows that 83 percent of the Top 30 U.S. retailers have vulnerabilities which pose an “imminent” cyber-threat, including Amazon, Costco, Kroger and Walmart.

“Software developed for the desktop is fundamentally different than software developed for online,” Cyberpion’s CRO Ran Nahmias told Threatpost. “Desktop software code needs to be secured against a virus for rewriting the code (and the attack occurs on one desktop at a time). Online software has a strong dependency on the infrastructure that hosts, operates and distributes it.

This infrastructure provides a huge attack surface.

“These online infrastructures can get complex, and one misconfiguration anywhere could lead to the code being compromised or modified,” Nahmias said. “Additionally, because the software is centrally located and then serves many customers, a single breach can affect many companies and people (as opposed to the desktop software being infected by a virus which would impact one user).”


What most companies really need are well trained security professionals, but these are hard to come by.

“Aside from the increasing volume of software, the lack of qualified cybersecurity staff contributes to the rise in software vulnerabilities,” he said. “In almost every sector of the economy, cybersecurity personnel are in high demand.”


Unfortunately, software bugs aren’t going anywhere.

“Despite more organizations taking secure development more seriously, and despite more tools available to help find and eliminate vulnerabilities, the amount of disclosed vulnerabilities suggest it hasn’t tipped the scale yet,” Martin added. “We’re hopeful that as more and more news of organizations being breached are taken seriously, and organizations and developers better understand the severity of vulnerable code, that they will make the extra effort to ensure more auditing is done before releasing [software].”

If you need help with securing your network contact us for a consultation.  


Source: https://threatpost.com/record-levels-software-bugs-it-teams-2020/162095/


Data theft—oh boy, another one? It happens so often now that we are actually starting to get used to it and even normalize it. Every day a new email arrives in the inbox with yet another notification from a big company explaining that my private information has been compromised. Target, Experian, Facebook, My Fitness Pal, Twitter…


Is anything secure anymore?


Because most data breaches happen when hackers gain access to someone’s password, password security is critical. It’s also a double-edged sword. While passwords are the easiest and simplest way to secure an account, they are also, unfortunately, an easy method of attack for hackers. Hackers know this and will inevitably find a user with a weak password and be able to gain access to computers on your corporate network.


So how do hackers get your password? Here are five common methods a hacker uses to obtain passwords.

 

1) Phishing. Think of phishing emails like a lure. A hacker tries to trick you with an email to click on a link and upload your credentials. A hacker will send out an email blast to various users across the internet. Often the email will look like it is from a legitimate website such as a banking website or something to do with Microsoft. Within the phishing email is usually a fraudulent link that when clicked on will ask you to login to “your account”. So, what looks like a legitimate login screen is fake and its sole purpose is to capture the credentials you put in.


Use two-factor authentication. That way, if the hacker does gain access to your login credentials, they will have another level of security that they will need to get through. Of course, there are ways for hackers to hack two-factor authentication, but it is a good safeguard.


Implement Security Awareness Training. Know what to look for in a phishing email. Learn the tricks hackers use with common red flags. Understand what links or attachments should not be clicked on in an email.


2) Password Spraying. This method has been a hacker trick for a while. It works through the use of scripts and software loaded up with all the common passwords such as password, 12345, logmein, etc. So, if the hacker has a list of usernames for an environment, they can just plug in the usernames and let the password spraying software do the work. The best way to protect against this is to utilize more secure passwords.


3) Credential Stuffing. So what do they sell on the dark web? Passwords…lots of them. Credential stuffing is when a hacker uses a database of usernames and passwords that they have obtained by buying them on the dark web or directly from another hacker. Typically, when you hear that there was a data breach of a company, this is what they are referring to. Say a hacker was able to obtain a login for something like a credit score site. There is not much a hacker can do by looking at your credit score, but what they can do is use those same login credentials on various websites such as PayPal or banking websites. Often a user will use the same email and password on multiple websites. So, if a hacker has the login credentials for one website, there is a high possibility they will be able to use them to gain access to others.


The best way to protect against this is to avoid using the same login for multiple websites. If you hear of a data breach at a company that may have your login information, immediately change your password for your account with them.


4) Brute Force. This is the storyline played out every day on Netflix that hackers or FBI analysts use to get into a system. With this method a hacker will use an algorithm to crack an encrypted password. Once the algorithm is run against the account, the password is revealed in plain text. Hacking tools like RainbowCrack, John the Ripper, L0phtCrack, etc. are used to perform a dictionary attack, which means that the tool will go through the whole dictionary trying each word in a matter of minutes until it finds a password that works. The best way to protect against this kind of hack is to use a password that isn’t something in the dictionary and is longer than 16 characters with symbols.

 

5) Key Logging. Key logging is basically a trace of your keyboard movement. The hacker will either try to gain access to your computer directly or through some type of spyware that got installed via email or a website. It will then log all the keystrokes you make on the keyboard. Using this information, the hacker will compile a list of words typed and use that to run against your accounts. The main way to stop this kind of hack is with good security software that will check for malware, spyware and key logging software.
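
On the defender's side, password spraying (item 2) and repeated guessing against a single account (item 4) leave different patterns in authentication logs. The following is an added example, not part of the original post, that labels each source IP by those patterns and lists accounts it then logged in to; the log format, thresholds and sample lines are constructed for illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample auth log: timestamp, source IP, username, result.
SAMPLE_LOG = """\
2021-01-14T09:00:01 203.0.113.7 alice FAIL
2021-01-14T09:00:03 203.0.113.7 bob FAIL
2021-01-14T09:00:05 203.0.113.7 carol FAIL
2021-01-14T09:00:07 203.0.113.7 dave FAIL
2021-01-14T09:00:09 203.0.113.7 erin OK
2021-01-14T09:05:00 198.51.100.9 alice FAIL
2021-01-14T09:05:01 198.51.100.9 alice FAIL
2021-01-14T09:05:02 198.51.100.9 alice FAIL
2021-01-14T09:05:03 198.51.100.9 alice FAIL
2021-01-14T09:05:04 198.51.100.9 alice FAIL
2021-01-14T09:05:05 198.51.100.9 alice FAIL
2021-01-14T10:30:00 192.0.2.44 frank FAIL
2021-01-14T10:30:20 192.0.2.44 frank OK
"""

def parse(log):
    """Turn log text into time-sorted (timestamp, ip, user, result) tuples."""
    events = []
    for line in log.strip().splitlines():
        ts, ip, user, result = line.split()
        events.append((datetime.fromisoformat(ts), ip, user, result))
    return sorted(events)

def classify(events, window=timedelta(minutes=10), spray_users=4, brute_tries=5):
    """Map each source IP to (label, accounts it logged in to if flagged)."""
    by_ip = defaultdict(list)
    for ev in events:
        by_ip[ev[1]].append(ev)
    report = {}
    for ip, evs in by_ip.items():
        label = "normal"
        for i, first in enumerate(evs):
            in_win = [e for e in evs[i:] if e[0] - first[0] <= window]
            fails = Counter(e[2] for e in in_win if e[3] == "FAIL")
            if fails and max(fails.values()) >= brute_tries:
                label = "brute-force"  # many failures against one account
                break
            if len(fails) >= spray_users:
                label = "spraying"     # failures spread across many accounts
        # A success from a flagged source means that account needs a reset.
        hits = sorted({e[2] for e in evs if e[3] == "OK"}) if label != "normal" else []
        report[ip] = (label, hits)
    return report
```

A single mistyped password followed by a successful login, as for the third source in the sample, stays below both thresholds and is not flagged.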


Contact Micropac today for more information on managing your network securely.

