• Posted on March 27, 2017 2:45 pm
    Joseph Forbes
    1

    The Cyber Division of the U.S. Federal Bureau of Investigation (FBI) has issued an alert to warn the healthcare industry that malicious actors are actively targeting File Transfer Protocol (FTP) servers that allow anonymous access.

    According to the law enforcement agency, attackers have targeted the FTP servers of medical and dental facilities in an effort to obtain access to protected health information (PHI) and personally identifiable information (PII), and use it to intimidate, blackmail and harass business owners.

    “The FBI recommends medical and dental healthcare entities request their respective IT services personnel to check networks for FTP servers running in anonymous mode. If businesses have a legitimate use for operating a FTP server in anonymous mode, administrators should ensure sensitive PHI or PII is not stored on the server,” the FBI said.

    The agency cited research conducted in 2015 by the University of Michigan, which showed that more than one million FTP servers had been configured for anonymous access. These servers allow users to authenticate with only a username, such as “anonymous” or “ftp,” and either a generic password or no password at all.

    The FBI pointed out that vulnerable FTP servers can also be abused to store malicious tools or to launch cyberattacks.

    “In general, any misconfigured or unsecured server operating on a business network on which sensitive data is stored or processed exposes the business to data theft and compromise by cyber criminals who can use the data for criminal purposes such as blackmail, identity theft, or financial fraud,” the FBI warned.

    In 2015, IBM named healthcare as the most attacked industry, with more than 100 million records compromised, even though the sector had not made the top five in the previous year. An IBM report for 2016 showed that the volume of compromised records was smaller, but the number of data breaches increased, causing operational, reputational and financial damage to healthcare organizations.

    A report published recently by Fortinet showed the top threats targeting healthcare companies in the last quarter of 2016, including malware, ransomware, IPS events, exploit kits and botnets.
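One way to act on the FBI's recommendation on a server you administer, as an added example that is not part of the original post or the FBI alert: an offline audit of an FTP server configuration for anonymous access. The choice of vsftpd, the sample configurations and the function names are assumptions made for illustration.

```python
"""Audit a vsftpd.conf for anonymous-access settings (added example).

Assumptions: the server is vsftpd and the sample configs are constructed.
vsftpd treats the usernames "ftp" and "anonymous" as anonymous logins, and
its compiled-in default for anonymous_enable is YES when the line is absent.
"""

# Compiled-in vsftpd defaults for the boolean options this audit reads.
DEFAULTS = {
    "anonymous_enable": "YES",
    "no_anon_password": "NO",
    "write_enable": "NO",
    "anon_upload_enable": "NO",
    "anon_mkdir_write_enable": "NO",
    "anon_other_write_enable": "NO",
}

def parse_vsftpd_conf(text):
    """Return {option: value}; a later assignment overrides an earlier one."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")  # format is option=value
        if sep:
            settings[key.strip()] = value.strip()
    return settings

def is_on(settings, option):
    """True when a boolean option is enabled, explicitly or by default."""
    return settings.get(option, DEFAULTS[option]).upper() in ("YES", "TRUE", "1")

def audit(text):
    """Return a list of (severity, option, message) findings."""
    s = parse_vsftpd_conf(text)
    findings = []
    if not is_on(s, "anonymous_enable"):
        return findings  # anonymous mode is off, nothing else applies
    how = "explicitly" if "anonymous_enable" in s else "by default (line missing)"
    findings.append(("HIGH", "anonymous_enable",
                     "anonymous login is enabled " + how))
    if is_on(s, "no_anon_password"):
        findings.append(("MEDIUM", "no_anon_password",
                         "anonymous users are not even asked for a password"))
    # Anonymous write options only take effect when write_enable is on.
    if is_on(s, "write_enable"):
        for opt in ("anon_upload_enable", "anon_mkdir_write_enable",
                    "anon_other_write_enable"):
            if is_on(s, opt):
                findings.append(("CRITICAL", opt,
                                 "anonymous users can write: the server can "
                                 "be used to store files for others"))
    if "anon_root" not in s:
        findings.append(("MEDIUM", "anon_root",
                         "anon_root not set: anonymous sessions use the ftp "
                         "user's home directory; confirm no PHI/PII is there"))
    return findings

# Constructed sample configurations.
WEAK_CONF = """\
# constructed sample: anonymous mode with uploads
listen=YES
anonymous_enable=YES
no_anon_password=YES
write_enable=YES
anon_upload_enable=YES
local_enable=YES
"""

IMPLICIT_CONF = """\
# constructed sample: anonymous_enable never mentioned
listen=YES
local_enable=YES
"""

HARDENED_CONF = """\
# constructed sample: anonymous mode disabled
listen=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
ssl_enable=YES
"""

if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("implicit", IMPLICIT_CONF),
                       ("hardened", HARDENED_CONF)):
        print(name)
        for severity, option, message in audit(conf) or [("OK", "-", "no findings")]:
            print(f"  [{severity}] {option}: {message}")
```

The implicit case is the one that is easy to miss in a review: a configuration that never mentions anonymous access can still allow it.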

    Blog Entry, DATA, Hacking
  • Posted on March 14, 2017 11:45 am
    Joseph Forbes
    No comments

    Several small and midsize businesses are susceptible to Distributed Denial of Service (DDoS) attacks. What would be the best way for such businesses to handle this problem? Plan ahead – this is what security experts suggest based on their experiences in the past!

    A majority of small businesses and start-ups have small teams with very few resources to defend against DDoS attacks. As the name of the attack indicates, it stops users from accessing a site and its services by hurling a lot of data at the firm’s web and hosting services.

    If you are wondering whether DDoS attacks are really so common that businesses need to be concerned about them, statistics indicate that around 2,000 such attacks happen on a daily basis, costing businesses a loss of revenue in the range of $5,000 - $40,000 per hour. Hackers can be vandals, competitors, hacktivists or extortionists.

    If your company isn’t equipped with professional network security experts, here are a few things you can do to stay safe from DDoS attacks.

    Stay Prepared

    Every business should have a disaster recovery plan ready for DDoS attacks. Some of the best practices include identifying the key employees who are given the responsibility. Establish the roles of every team member, their tasks and requirements. Give the team the needed practice on a mock basis so that those involved know how to handle things when a disaster inevitably happens. Work with your internal PR and IT teams, ISP and hosting providers to recognize the points susceptible to failure, routes of escape and technical gaps.

    Understand DDoS Attack

    There are many well-tested DDoS prevention programs that run advanced algorithms to identify various kinds of traffic. They try to sniff out, identify and filter different kinds of benign and malevolent bots and allow only legitimate traffic.

    It’s not easy to judge from just one instance whether an attack is amateurish or professional, though it is fair to assume that any network attack that crosses 50 Gbps is likely to be professional. Mostly circulated under the inoffensive category of 'network security programs,' a few of the very common attack tools are called stressers or booters. As implied by the name, these tools intensify and focus the payload of a DDoS.

    Be Ready to Respond with Your Guns

    As in all cases of disaster reaction, stay calm and do not panic. Ensure that your services are up and running; give your customers a brief. Your team can respond readily only if you’ve prepared properly. Co-ordinate with your team members and optimize the tactics for the disaster response.

    Once the attack is mitigated by your tech team, ensure that the communication team is ready to reveal the details to the press and that the legal team is prepared to handle the possible regulatory and compliance part.

    If you are asked to pay the attacker a ransom, don’t do it, as this will only mark your organization and they may return for more. Once you are identified this way, other hackers may also sense it and come your way.

    Learn and Implement

    Once the attack subsides, try to learn from it. Analyse thoroughly what went right and what went wrong. Ensure that your legal and IT teams collect the required forensic information. Create a communication protocol to deal with queries from the internal team, your clients and the press. Try to detect the network bottlenecks exposed by the attack and select an infrastructure with inherent resiliency.

    Analysis and communication are the two aspects that will go a long way in preparing for the next attack and will enhance your team's morale. And you should be wary of the latest threats emerging in the cyber world, such as the latest DDoS Extortion Attack.

    Blog Entry, DATA, Hacking
  • Posted on February 8, 2017 11:55 am
    Joseph Forbes
    No comments

    Do you suspect your email account has been hacked? Can't log in to your email account? Are you getting undeliverable and bounce messages for email you never sent? Are friends and family complaining of receiving email you never sent? Is it malware? A hacker? Here's how to tell.

    Undeliverable and Bounce Messages

    Spammers frequently spoof the From sender on the email they send. They just substitute their real email address with a random email address found on a mailing list or one just randomly made up. Some poorly configured email gateway products don't distinguish between the manually editable "From" address and the actual sender origin, so they simply send any undeliverable messages to the spoofed From address. To better understand how this works, and help you track down the real origin of an email, see: Reading Email Headers.

    Best defense: Simply delete the undeliverable/bounce messages.

    In other cases, email worms will send themselves disguised as an undeliverable/bounce message. The bogus email contains either a link or an attachment. Clicking the link or opening the attachment leads directly to a copy of the worm. Your best course is to learn to overcome curiosity.

    Best defense: If you receive an undeliverable or bounce message for an email you know you did not send, resist the temptation to open the attachment or click the link. Just delete the email.

    Unable to login to your email account

    If you are unable to log in to your email account due to an invalid password, it's possible that someone has gained access and changed the password. It's also possible that the email service is experiencing a system outage of some sort. Before you panic, make sure your email provider is functioning normally.

    Best defense: Prevention is key. Most email providers offer a password recovery option. If you have even a hint of concern that your email password has been compromised, change your password immediately. If you specified an alternate email address as part of the password recovery, make sure that address is active and be sure to monitor the account regularly.

    In some cases, you may need to call your email provider and request a reset. If you go that route, be sure to change your password from the one provided during the phone call. Be sure to use a strong password.

    Email appearing in Sent Items folder

    If copies of the sent email are appearing in your Sent Items folder, then it's likely that some type of email worm might be involved. Most modern-day malware won't leave such tell-tale signs behind, so it, fortunately, would be indicative of an older, more easily removed threat.

    Best defense: Update your existing antivirus software and run a full system scan.

    Email is sent to address book, does not appear in the Sent folder, and it's a webmail account

    The most likely cause is phishing. Chances are at some point in the past, you were tricked into divulging your email username and password. This enables the attacker to log in to your webmail account and send spam and malicious email to everyone in your address book. Sometimes they also use the hijacked account to send to strangers. Generally, they remove any copies from the Sent folder to avoid easy detection.

    Best defense: Change your password. Make sure you've checked the validity of any alternate email addresses included in the password recovery settings first.

    Symptoms don't match the above

    Best defense: Make sure you do a thorough check for a malware infection. Fully scan your system with installed up-to-date antivirus software and then get a second opinion with one of these free online scanners.

    Receiving complaints from friends, family, or strangers

    One of the problems with spoofed, hijacked or hacked email is that it can also lead to responses from angry recipients. Stay calm - remember, the recipients are just as much a victim as you.

    Best defense: Explain what happened and use the experience as an educational opportunity to help others avoid the same plight.
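The difference between the editable "From" address and the actual sender origin, described under "Undeliverable and Bounce Messages" above, can be read straight out of the headers a bounce quotes back. This is an added example, not part of the original post; the sample message, its domains and addresses, and the function names are constructed for illustration.

```python
import email
import re
from email.utils import parseaddr

# Constructed sample: headers of a message whose visible From was spoofed.
SAMPLE = """\
Return-Path: <bulk@mailer.example.net>
Received: from mx.recipient.example (mx.recipient.example [203.0.113.10])
    by inbox.recipient.example; Mon, 06 Feb 2017 10:00:05 +0000
Received: from mailer.example.net (unknown [198.51.100.23])
    by mx.recipient.example; Mon, 06 Feb 2017 10:00:03 +0000
Authentication-Results: mx.recipient.example;
    spf=pass smtp.mailfrom=mailer.example.net;
    dkim=none; dmarc=fail header.from=victim.example.org
From: "Alice" <alice@victim.example.org>
To: bob@recipient.example
Subject: Invoice

body
"""

def domain_of(header_value):
    """Domain part of the address in a header, or '' if there is none."""
    address = parseaddr(header_value or "")[1]
    return address.rpartition("@")[2].lower()

def received_hops(msg):
    """(host, ip) per Received header, oldest hop first.

    Each server prepends its own Received line, so the last header in the
    message is the first hop. Lines below your own provider's servers are
    written by the sending side and may be forged.
    """
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        flat = " ".join(value.split())  # undo header folding
        match = re.search(r"from\s+(\S+).*?\[([0-9a-fA-F.:]+)\]", flat)
        hops.append((match.group(1), match.group(2)) if match else (flat, None))
    return hops

def auth_results(msg):
    """SPF/DKIM/DMARC verdicts recorded by the receiving server.

    Only trust an Authentication-Results header added by your own provider.
    """
    results = {}
    for value in msg.get_all("Authentication-Results", []):
        for method, verdict in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", value, re.I):
            results[method.lower()] = verdict.lower()
    return results

def analyse(raw):
    """Compare the visible From with the envelope sender and the relay path."""
    msg = email.message_from_string(raw)
    from_domain = domain_of(msg["From"])
    envelope_domain = domain_of(msg["Return-Path"])
    hops = received_hops(msg)
    return {
        "from_domain": from_domain,          # what the recipient sees
        "envelope_domain": envelope_domain,  # where bounces should go
        # A mismatch is a signal, not proof: mailing lists and bulk
        # senders legitimately use their own envelope domain.
        "mismatch": bool(envelope_domain) and envelope_domain != from_domain,
        "first_hop": hops[0] if hops else None,
        "auth": auth_results(msg),
    }

if __name__ == "__main__":
    for key, value in analyse(SAMPLE).items():
        print(f"{key}: {value}")
```

In the sample, SPF passes for the envelope domain while DMARC fails for the From domain, which is the pattern of a message sent from someone else's infrastructure with a borrowed From address.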

    Blog Entry, Data Recovery, Hacking
  • Posted on January 9, 2017 11:11 am
    Joseph Forbes
    No comments

    How your online habits leave you and your computer at risk

    Keeping safe online takes more than just installing a few security programs. To protect both you and your computer, here are the top ten bad habits you need to avoid.

    Browsing the Web with JavaScript enabled by default

    Today's attackers are more likely to host their malicious files on the web. They may even update those files constantly using automated tools that repackage the binary in an attempt to bypass signature-based scanners. Whether through social engineering or through website exploit, the choice of browser will be of little help. All browsers are equally susceptible to Web-based malware and this includes Chrome, Firefox, Opera, and the much-maligned Internet Explorer. Disabling JavaScript on all but the most trusted sites will go a long way towards safer web browsing.

    Using Adobe Reader/Acrobat with default settings

    Adobe Reader comes pre-installed on most computers. And even if you never use it, just the mere presence can leave your computer at risk. Vulnerabilities in Adobe Reader and Adobe Acrobat are the number one most common infection vector, bar none. Making sure you stay up-to-date with the latest version of Adobe products is imperative, but not foolproof. To use Adobe Reader (and Acrobat) safely, you need to make a few tweaks to its settings.

    Clicking unsolicited links in email or IM

    Malicious or fraudulent links in email and IM are a significant vector for both malware and social engineering attacks. Reading email in plain text can help identify potentially malicious or fraudulent links. Your best bet: avoid clicking any link in an email or IM that is received unexpectedly - particularly if you do not know the sender.

    Clicking on popups that claim your computer is infected

    Rogue scanners are a category of scam software sometimes referred to as scareware. Rogue scanners masquerade as antivirus, antispyware, or other security software, claiming the user's system is infected in order to trick them into paying for a full version. Avoiding infection is easy - don't fall for the bogus claims.

    Logging in to an account from a link received in email, IM, or social networking

    Never, ever log in to an account after being directed there via a link received in an email, IM, or social networking message (i.e. Facebook). If you do follow a link that instructs you to log in afterwards, close the page, then open a new page and visit the site using a previously bookmarked or known good link.

    Not applying security patches for ALL programs

    Chances are, there are dozens of security vulnerabilities waiting to be exploited on your system. And it's not just Windows patches you need to be concerned with. Adobe Flash, Acrobat Reader, Apple QuickTime, Sun Java and a bevy of other third-party apps typically host security vulnerabilities waiting to be exploited. The free Secunia Software Inspector helps you quickly discover which programs need patching - and where to get the patches.

    Assuming your antivirus provides 100% protection

    So you have antivirus installed and are keeping it up-to-date. That's a great start. But don't believe everything your antivirus does (or rather doesn't) tell you. Even the most current antivirus can easily miss new malware - and attackers routinely release tens of thousands of new malware variants each month. Hence the importance of following all the tips provided on this page.

    Not using antivirus software

    Many (probably infected) users mistakenly believe they can avoid malware simply by being 'smart'. They labor under the dangerous misconception that somehow malware always asks permission before it installs itself. The vast majority of today's malware is delivered silently, via the Web, by exploiting vulnerabilities in software. Antivirus software is must-have protection.

    Of course, out-of-date antivirus is almost as bad as no antivirus software at all. Make sure your antivirus software is configured to automatically check for updates as frequently as the program will allow or a minimum of once per day.

    Not using a firewall on your computer

    Not using a firewall is akin to leaving your front door wide open on a busy street. There are several free firewall options available today - including the built-in firewall in Windows XP and Vista. Be sure to choose a firewall that offers both inbound and (as importantly) outbound protection.

    Falling for phishing or other social engineering scams

    Just as the Internet makes it easier for legitimate pursuits, it also makes it easier for scammers, con artists, and other online miscreants to carry out their virtual crimes - impacting our real life finances, security, and peace of mind. Scammers often use sad sounding stories or promises of quick riches to hook us into being willing victims to their crimes. Exercising common sense is one of the best ways to avoid online scams. For extra help, consider installing one of the free anti-phishing toolbars.

    Blog Entry, Hacking, Internet
  • Posted on January 4, 2017 12:02 pm
    Joseph Forbes
    No comments

    Here are example passwords that discourage 'brute force' dictionary cracking:

    OK Password     Better Password      Excellent Password
    kitty           1Kitty               1Ki77y
    susan           Susan53              .Susan53
    jellyfish       jelly22fish          jelly22fi$h
    smellycat       sm3llycat            $m3llycat
    allblacks       a11Blacks            a11Black$
    usher           !usher               !ush3r
    ebay44          ebay.44              &ebay.44
    deltagamma      deltagamm@           d3ltagamm@
    ilovemypiano    !LoveMyPiano         !Lov3MyPiano
    Sterling        SterlingGmail2015    SterlingGmail20.15
    BankLogin       BankLogin13          BankLogin!3
    Shelby          ShelbyPass1          Shelby.Pass1.
    Rolltide        RollTide%            RollTide%.%
    StarWars        $tarwarz             $tar|warz

    Why are some passwords stronger than others?

    A strong password resists guessing. Hackers and computer intruders will use automated software as a way to submit hundreds of guesses per minute to open your online account. These software tools are called 'dictionary' or 'brute force repetition' tools, because they will use English dictionaries to sequentially guess your password. For example, a dictionary tool will submit sequential guesses like this:

    Dog
    Dogs
    Dogcatcher
    Dogcatchers
    Dogberry
    Dogberries
    Dogma
    Dogmatic
    Dogmatized
    Dog1
    Dog2
    Dog3
    Dog4

    These password-guessing tools can submit up to 1000 attempts per minute. The less that your password resembles regular English word patterns, the longer it will take for a repetition tool to guess it.

    Beating dictionary programs: use non-English word combinations.

    These password variations below purposely avoid using complete English word patterns. By injecting numbers and special characters instead of letters, these passwords will take exponentially longer to guess by a dictionary program:

    Dog.lov3r
    dOG.lov3r
    i7ovemydog!!
    d0gsaremybestfr13nds
    sn00pdoggyd0G
    Karm@beatsDogm@
    C@ts-and-Dogs-Living-together

    Blog Entry, EDUCATION, Hacking
  • Posted on January 3, 2017 12:00 pm
    Joseph Forbes
    No comments

    Keeping track of passwords can seem like a hassle. Most of us have multiple sites we visit which require password logins. So many, in fact, that it's tempting to use the same username/password combo for all of them. Don't. Otherwise, it takes only the compromise of a single site's credentials to have a toppling domino effect on the security of all your online assets.

    Fortunately, there is a fairly straightforward way to have different passwords for each site you use but still make the passwords easy enough to remember.

    Creating Unique Passwords

    Before you begin creating strong passwords, you need to consider the use of those passwords. The intent is to create strong passwords unique to each account, but easy enough to memorize. To do this, first begin by splitting the sites you frequently log in to into categories. For example, your category list might read as follows:

    - social networking sites
    - auction sites
    - ecommerce sites
    - email accounts
    - banking sites
    - forums

    A word of note here about forums. Never use the same password for a site's forum as you would for logging into the site itself. Generally speaking, the security on forums is not as strong as it is (or should be) for the regular site and thus the forum becomes the weakest link in their security. This is why, in the example above, forums are split into a separate category.

    Now that you have your categories, under each appropriate category, list the sites to which you must log in. For example, if you have a Hotmail, Gmail, and Yahoo account, list these under the category 'email accounts'. After you've completed the list, you're ready to begin creating the strong, unique, and easy-to-remember passwords for each.

    Creating Strong Passwords

    A strong password should be 14 characters. Each character less than that makes it a little easier to compromise. If a site absolutely won't allow a password that long, then adapt these instructions accordingly.

    Using the 14 character password rule, use the first 8 characters as the common portion to all passwords, the next 3 to customize by category, and the last 3 to customize by site. So the end result ends up like this:

    common(8)|category(3)|site(3)

    Following this simple rule, when you change your passwords in the future - which, remember, you should do often - you'll only need to change the first common 8 characters of each.

    One of the commonly recommended means of remembering a password is to first create a passphrase, modify it to the character limit, then begin swapping characters for symbols. So to do that:

    1. Come up with an 8 letter passphrase that is easy to remember.
    2. Take the first letter of each word to form the password.
    3. Substitute some of the letters in the word with keyboard symbols and caps (symbols are better than caps).
    4. Tack on a three letter abbreviation for the category, also replacing one of the letters with a symbol.
    5. Tack on a site specific three letter abbreviation, again replacing a single letter with a symbol.

    As an example:

    In step 1 we might use the pass phrase: my favorite uncle was an air force pilot

    Using the first letters of each word, we end up with: mfuwaafp

    Then we swap some of those characters with symbols and caps: Mf{w&A5p

    Then we tack on the category (i.e. ema for email) and swap out one character of ema: e#a

    Finally, we add the site abbreviation (i.e. gma for gmail) and swap out one character: gm%

    We now have a password for our gmail account of Mf{w&A5pe#agm%

    Repeat for each email site, so perhaps you end up with:

    Mf{w&A5pe#agm%
    Mf{w&A5pe#aY%h
    Mf{w&A5pe#aH0t

    Now repeat these steps for the additional categories and sites within those categories. While this may look hard to remember, here's a tip to simplify - decide in advance what symbol you will equate with each letter.

    Blog Entry, Data Recovery, Hacking
  • Posted on January 2, 2017 4:16 pm
    Joseph Forbes
    No comments

    Hackers have been hacking wireless networks for a long time, but they don't even need to hack your wireless if you never changed your wireless router's admin password from its default value. If you never changed the admin password on your router after you set it up the first time, then all the hacker needs to do is look up the default password and log in.

    There are lists on the internet that provide hackers with the default admin passwords for most commercially available routers on the market today. Just Google: "Default Router Password List" and you'll find several sites that provide the default passwords for just about every major brand of wireless router available. Other sources of default admin passwords include downloadable PDF manuals available in the support section of most router manufacturer websites.

    If you're like many people, when you first set up your router you plugged it in, followed a couple of steps on a quick setup card, and everything just started working. End of story. You may not have gone back to change the admin password after you used it to set up the router.

    Here are the general steps you will need to follow in order to change and/or reset the password on your wireless router:

    If you have completely lost the password that you set and need to set the router back to its factory default password, perform the following steps:

    Below are general instructions only. Directions vary by make and model of router. Please consult your router's operating manual before performing any kind of reset procedure, and always follow proper safety precautions indicated in your router's documentation.

    PLEASE NOTE: The first step in this process will wipe out all of your router's configuration settings and set them back to their out-of-the-box factory defaults. You will have to change all your router's settings such as your wireless network SSID, password, encryption settings, etc, after performing this step.

    1. Press and hold the reset button on the back of your wireless router

    You will probably have to hold the reset button from 10 to 30 seconds depending on your brand of router. If you hold it for too short a time it will simply reset the router but won't revert back to its factory default settings. On some routers you may have to use a pin or thumbtack to press the button if it is recessed inside the router.

    2. Connect a computer to one of your router's Ethernet ports (but not the one that says WAN)

    Most routers have a web browser-accessible administrator page that you must log in to in order to access the router's configuration settings. Some routers disable administration via wireless, so you will need to ensure that you are connected to the router via an Ethernet cable before attempting to access the router's configuration page.

    3. In the browser address bar, enter the IP address of your router's administration interface

    Most routers have what is called a non-routable internal IP address such as 192.168.1.1 or 10.0.0.1. This is an internal address that cannot be accessed from the internet.

    Here are the standard admin interface addresses used by some of the more popular wireless router manufacturers. You may have to consult your specific router's manual for the correct address. The following list is some of the default IP addresses based on my research and may not be accurate for your specific make or model:

    Linksys - 192.168.1.1 or 192.168.0.1
    DLink - 192.168.0.1 or 10.0.0.1
    Apple - 10.0.1.1
    ASUS - 192.168.1.1
    Buffalo - 192.168.11.1
    Netgear - 192.168.0.1 or 192.168.0.227

    4. Enter the default administrator login name (usually "admin") followed by the default administrator password.

    You can locate the default admin name and password for your specific router by checking the manufacturer's website or by Googling "Default Admin Password" followed by your router's brand name and model.

    5. Click on the "Admin" page from your router's configuration page and create a strong password

    Be sure you enter a strong complex password for your router's admin password. If you ever lose this password you will have to repeat the steps above.

    If you didn't lose your router password but just don't know how to change it, you can skip steps 1 and 2 and enter the admin user name and password that you have into step 4. This will allow you to change your wireless router's password without wiping out all your other router's settings.

    Blog Entry, Hacking, Hardware
  • Posted on December 28, 2016 8:53 am
    Joseph Forbes
    No comments

    If you were anywhere near the internet in the U.S. on Friday (Nov 2016), you probably noticed a bunch of your favorite websites were down for much of the day. Now experts are saying it’s all because thousands of devices – like DVRs and web-connected cameras – were hacked.

    Once the hackers had control over these devices, they manipulated them into sending an overwhelming number of requests to a company that serves up the websites for Netflix, Google, Spotify and Twitter. When the traffic became too much to handle, the sites crashed. It was an old-school attack – often called a distributed denial of service attack, or DDoS – powered by the new web of devices called the internet of things or IoT.

    Security experts have been warning for a few years that internet-connected devices are susceptible to hacking. They just didn’t know exactly what hackers might do once they broke into your connected television, refrigerator or thermometer, for example. (Other than some disturbing hacks on baby monitors, that is.)

    Now we have our answer, and it’s worse than what the experts imagined. Focusing on security cameras and DVRs that record footage in businesses outside of the U.S., hackers created an army of devices to take down large chunks of the internet.

    It’s not all the device manufacturers’ fault. Websites and services will have to adapt and do more to prevent attacks like these from being so effective if we want to keep the internet up and running.

    Here’s a primer on why the devices are so easy to hack, and how hackers turned them into a zombie army that attacked the internet.

    How internet-connected devices are easily taken over

    DVRs and security cameras are connected to the internet. That’s on purpose, of course. This feature lets users access them remotely, along with anyone else they need to let in. It’s what lets users check in on security cameras when no one’s at home or at a business, and what lets manufacturers update device software without making a house call.

    But this feature is also kind of a bug. Devices in the so-called internet of things are stupid-easy to connect to remotely by just about anyone, not just those with whom you want to share access.

    If something is connected to the internet, it has an IP address. If something has an IP address, it can be found on search engines like Google and Shodan, a searchable registry of IP addresses with information about the connected device. Hackers can find hundreds or thousands of hackable DVRs and cameras just by entering some search terms. Then, they try to break in...

    How hackers can break into your devices

    Internet-connected devices often come with default passwords. Think you’re the only one whose username and password are “admin” and “admin”? Many, if not most, device makers don’t require you to set a unique username and password, so many people end up sticking with the defaults.

    Hackers can find a list of vulnerable DVRs on search engines and try out that default password. If you never changed it, they’re in.

    But even if you do change those defaults, hackers have other options. Advanced methods utilizing services called SSH and telnet let hackers force their way into your device, since changing the password on your device’s web app does not necessarily change the password coded into the device.

    So while the camera was storing security video to prevent crime, hackers were quietly brute-forcing their way into the DVR and adding it to their army of attack soldiers.

    So how did a camera take down Twitter?

    To take over the cameras, hackers inserted Mirai, malicious software that lets bad guys use at least 100,000 devices as soldiers in its zombie army. That’s according to Flashpoint, a cybersecurity company that has been tracking the proliferation of Mirai across the internet of things since it was first used in a massive attack in September.

    The technical name for this zombie army is a botnet, and hackers have been making them out of computers for a very long time.

    Now that hackers can make botnets out of the internet of things, they have a more powerful tool to carry out attacks like the one that happened Friday. They used the botnet to send tons and tons of junk requests to Dyn, a company that manages web traffic for all the websites that were affected. Dyn couldn’t sort out the good requests from the bad, and as a result internet users in many parts of the US were cut off from a number of websites.

    Now you know how an army of DVRs and cameras kept you off Reddit for most of Friday. We still don’t know who the hackers are and what they’ll do next. It also remains to be seen how websites will change their habits to prevent outages like the ones we saw Friday.

    As for the manufacturers of internet-connected devices, there has been an interesting development. On Monday, connected-camera manufacturer Xiongmai said it will issue a recall of its devices caught up in the botnet army that attacked Dyn on Friday, according to Reuters. If more companies follow suit, it might give manufacturers more reason to lock down cybersecurity on their devices before putting them up for sale.

    Blog Entry, Cloud Apps, DATA
  • Posted on December 27, 2016 9:08 am
    Joseph Forbes
    No comments

    [ALERT] Scam of the Week: George Michael Dies at 53. Watch out for Phishing Attacks

    Yesterday, news broke that George Michael was found dead on Sunday at his home in Goring in Oxfordshire, England. He was 53. A police statement said: “Thames Valley Police were called to a property in Goring-on-Thames shortly before 2 p.m. Christmas Day. Sadly, a 53-year-old man was confirmed deceased at the scene. At this stage the death is being treated as unexplained but not suspicious.”

    Mr. Michael’s manager, Michael Lippman, told The Hollywood Reporter that Mr. Michael had died of heart failure “in bed, lying peacefully.”

    This is a celebrity death similar to Prince that the bad guys are going to exploit in a variety of ways. You have to warn your users right away that a series of scams are underway using the George Michael death as a social engineering trick.

    Earlier celebrity death scams show there will be a high click rate on scams that claim to show Michael's last words on video. Whatever ruse is being used, your users will wind up with either infected workstations at the house or in the office, giving out personal information or unleashing ransomware on the network. Give them a heads-up that especially now they need to Think Before They Click.

    I would send your employees, friends and family something like the following. You're welcome to copy/paste/edit.

    "Yesterday, news broke that pop star George Michael was found dead in his home in Oxfordshire, England. He was 53. Internet scum are going to exploit this celebrity death in a number of ways, so be careful with anything related to George Michael's death: emails, attachments, any social media (especially Facebook), texts on your phone, anything. There will be a number of scams related to this, so Think Before You Click!"

    For KnowBe4 customers, as you read this, there will be a new template "George Michael Dies at 53" in the Current Events campaign that I suggest you send to everyone more or less immediately.

    If you are not a KnowBe4 customer yet, at times like this, it is very good to know what percentage of your users are vulnerable to emotional manipulations like this. We recommend you do your complimentary Phishing Security Test and find out what the phish-prone percentage of your users is. https://info.knowbe4.com/phishing-security-test-chn

    Let's stay safe out there.

    Blog Entry, ENTERTAINMENT, Hacking
  • Posted on July 11, 2016 10:00 am
    Joseph Forbes
    No comments

    From smartphones and tablets to notebook PCs, webcams seem to be standard equipment these days. Just about every device we use has a camera on it. Did you ever stop to think that while you're staring at your screen, someone on the Internet might be staring back at you? The national news is awash in stories about hackers tricking users into installing webcam spyware. How can you be sure that no one is watching you without your permission?

    Many webcams on notebook computers have indicator lights that let you know when your camera is actively capturing video. It may be possible (on some cameras) to disable the activity light through software hacks or by modifying configuration settings. So, just because you don't see an activity light on doesn't mean that your webcam isn't capturing video. What can you do to secure your webcam?

    The Simple Solution: Cover It Up

    Sometimes the simplest solutions are the best ones. If you want to be absolutely sure that no one is watching you through your webcam, get some electrical tape and cover it. If you don't want any tape residue on your camera, you can use a longer strip of tape and fold it back on itself. Not even the best hacker in the world can defeat electrical tape. If you want to get a little more sophisticated, you can roll up a coin in the electrical tape so that the weight of the coin helps the tape stay positioned over the camera. When you want to use the camera, just lift the coin up and fold it back over the top of your computer screen. There are many other creative solutions. Maybe someone out there will start a Kickstarter project and come up with a solution that can be sold to the masses.

    Close Your Notebook PC When You're Not Using It

    If you don't want to mess with covering up your camera, just make a habit of closing your notebook computer when you're not using it or when you want to make sure that you're not on camera.

    Scan Your Computer for Webcam-related Malware

    A traditional virus scanner may not always catch webcam-related spyware or malware. In addition to your primary antivirus software, you may want to install anti-spyware. I also recommend augmenting your primary anti-malware solution with a Second Opinion Malware Scanner such as Malwarebytes. A Second Opinion Scanner acts as a second layer of defense and will hopefully catch any malware that may have evaded your front-line scanner.

    Avoid Opening E-mail Attachments From Unknown Sources

    If you get an email from someone you don't know and it contains an attachment, think twice before you open it, as it may contain a Trojan horse that could install webcam-related malware onto your computer. If your friend e-mails you something with an unsolicited attachment, text them or call them to see if they really sent it on purpose or if someone sent it from a hacked account. This has been happening a lot lately from people I know: legitimate emails sent from people you know, with attachments disguised as something important.

    Avoid Clicking Shortened Links on Social Media Sites

    One of the ways webcam-related malware is spread is through links on social media sites. Malware developers often use link shortening services such as TinyURL and Bitly to try to mask the true destination link, which is likely a malware distribution site. If a link's content sounds too good to be true, or sounds like its sole purpose is to get you to click it because of its appealing subject matter, it is best to steer clear and not click on it, as it may be a doorway to a malware infection.

    Blog Entry, Hacking, Internet
  • Posted on July 3, 2016 10:00 am
    Joseph Forbes
    No comments

    The FBI Virus (aka FBI Moneypak scam) is one of the latest malware threats that takes your computer hostage and demands that you pay a $200 fine in order to unlock your computer. The message claims that you have illegally visited or distributed copyrighted content such as videos, music, and software. Consequently, the cyber-criminal demands a payment within 48 to 72 hours in order to lift the ban on your computer. This type of malware is called "ransomware" and it is used to demand payment from the victim. In return, the scammer “promises” to unlock your computer. However, rather than paying the FBI, the money is taken by the cyber-criminal and the virus is not removed. Don’t be a victim. Perform the following steps to unlock your computer and remove the FBI virus.

    I have encountered multiple versions of this virus, and lately it seems that a website pop-up version is more common these days. To the same effect, the browser turns to fullscreen view and blocks all attempts at closing the window. Firefox and Chrome offer ways to stop additional pop-up notices from preventing you from closing the browser window.

    Boot your infected computer into safe mode with networking

    Because you have no means of closing the pop-up FBI alert message, you will have to boot your machine into Safe Mode with Networking, which will give you access to only the basic files and drivers. Safe Mode with Networking allows you to connect to the Internet, which you will need in order to download anti-malware tools that will help you remove this virus. Power up your computer and press F8 just before the Windows splash screen appears. This will bring you to the Advanced Boot Options screen. Using the arrow keys on your keyboard, highlight Safe Mode with Networking and press Enter. While in Safe Mode, you will notice that your desktop background is replaced with a solid black color.

    Scan your computer using anti-malware software

    If you already have anti-malware software installed on your computer, download the latest malware definitions and perform a full scan of your computer. However, if you do not have malware removal software, download one and install it. I recommend Malwarebytes as it has the most current ransomware updates. Other great tools include AVG and Microsoft Security Essentials. Whichever tool you decide to use, make sure you download the most current malware definitions. Once you have the application installed with the latest definitions, perform a full computer scan.

    Remove the virus from your computer

    After the scan is complete, review the results and identify the quarantined infections. Ensure that the removal tool deletes the infections from your computer. If you are using Malwarebytes, from the results dialog box, click on the Remove Selected button to remove all of the infections found. After the infections are removed, reboot your computer. This time, do not press F8 and allow your computer to boot normally. You will know immediately if the virus has been removed, as you will be able to see your desktop rather than the FBI pop-up alert message. If all looks good, launch your Internet browser and make sure you can visit known sites, such as Google, without any issues.

    The most common way to become infected with the FBI virus is by visiting infected websites. Emails may contain links to malicious websites. Phishing is the practice of sending spam email to users with the intention of tricking them into clicking on a link (bait). In this case, you would receive an email enticing you to click on a link that will direct you to an infected website. If you happen to click on these links, you may land on a site that hosts malware such as the FBI Virus.

    Remember to keep your antivirus software updated and your operating system current. Configure your antivirus software to routinely check for updates. If your antivirus software does not contain the latest signature files, it will be rendered useless against the most current malware threats. Similarly, important system updates provide significant benefits such as improved security. Just as with antivirus software, not keeping up with operating system updates will make your PC vulnerable to the latest malware threats. In order to prevent threats such as the FBI virus, ensure you use the Automatic Updates feature in Windows and have your computer automatically download Microsoft security updates.

    Blog Entry, Hacking, Internet Scam Notices
  • Posted on June 17, 2016 9:36 am
    Joseph Forbes
    No comments

    Windows password recovery tools are used to recover or reset lost user and administrator passwords used to log on to Windows operating systems. Password recovery tools are often called "password cracker" tools because they are sometimes used to "crack" passwords by hackers. Legally cracking or unlocking your own Windows password is certainly a legitimate practice!

    Note: A Windows password recovery program is just one of several ways to find a lost Windows password.

    Below you'll find the best free Windows password recovery programs available, most of which work for Windows 10, down to Windows XP passwords:

    1. Ophcrack

    The Ophcrack Windows password cracker is by far the best free Windows password recovery tool available. It's fast and easy enough for a first-time Windows password cracker with a basic knowledge of Windows. With Ophcrack, you don't need any access to Windows to be able to recover your lost passwords. From another computer, visit the site, download the free ISO image, burn it to a CD or flash drive, and then boot from it. The Ophcrack program starts, locates the Windows user accounts, and proceeds to recover (crack) the passwords - all automatically. In a test run on a Windows 8 PC, Ophcrack recovered the 8-character password (mixed letters and numbers) to my guest account in 3 minutes and 45 seconds. Ophcrack supports Windows 8, Windows 7, Windows Vista, and Windows XP.

    2. Offline NT Password & Registry Editor

    Offline NT Password & Registry Editor (ONTP&RE) works differently than most password recovery programs in that it erases your Windows password instead of recovering it. You can think of it as more of a Windows password reset tool. Like Ophcrack, you boot from a burned disc or flash drive created with the Offline NT Password & Registry Editor ISO file. After running the program, you can log in to your Windows account without entering a password at all. If you like this "password deleting" strategy then I highly recommend this program. It requires some seemingly difficult command line work but I have a full walkthrough available. In other words: you can do this!

    Offline NT Password & Registry Editor Review and Free Download

    I've tested Offline NT Password & Registry Editor on 64-bit & 32-bit versions of Windows 10, Windows 8, Windows 7, Windows Vista, and Windows XP PCs and it reset the passwords immediately without problem. It should work on Windows 2000 and Windows NT operating systems too.

    3. Cain & Abel

    Cain & Abel is a free, fast and effective Windows password recovery tool. Unlike Ophcrack and other popular Windows password hacking programs, Cain & Abel requires access to Windows under an administrator account. Due to this fact, Cain & Abel is a valuable resource to recover passwords to accounts other than the one you're using. Add that to the fact that Cain & Abel is a bit more complicated to use than other password recovery apps and you have what is, in my book, a pretty advanced tool. Check it out if you think it might be useful to you. Cain & Abel was able to recover the 10-character password to the Windows XP "Administrator" account in ten seconds. While it only officially supports Windows XP, 2000, and NT, some users have had luck getting it to work in Windows Vista and Windows 7.

    Cain & Abel v4.9.56 Review and Free Download

    I've tried it with Windows 10, 8, 7, and Vista, and was unsuccessful each time.

    4. Trinity Rescue Kit

    Trinity Rescue Kit needs to be booted from a disc or USB stick to work. It includes many different tools, one of which is for password recovery. You can use Trinity Rescue Kit to clear a password entirely, making it blank, or to set a custom one. Some of you may find this program difficult to use because there isn't a graphical interface. However, even if you're not used to a command line interface, most of the required keystrokes are just numbers for choosing different options for resetting a password. Trinity Rescue Kit should work with Windows 10, 8, 7, Vista, and XP.

    Trinity Rescue Kit v3.4 Free Download

    Note: The password resetting tool in Trinity Rescue Kit, called winpass, is actually just an automated script for the chntpw tool, which is what Offline NT Password & Registry Editor, listed above, is based on. If you tried that password tool and it didn't work, Trinity Rescue Kit probably won't either.

    5. John the Ripper

    John the Ripper is a popular free password recovery tool that can be used to find Windows account passwords. While the password recovery application itself is free, the wordlists used by John the Ripper to discover passwords do cost money and are required for the software to work. I'm told there are free wordlist alternatives that work with John the Ripper, which is why this Windows password recovery tool is still listed as free. However, I have my own password collection sets I use to demonstrate how people just don't use effective passwords anymore. John the Ripper is operated at the command line, making it a password cracking tool reserved for the very advanced user.

    John the Ripper v1.7.9 Free Download

    In theory, John the Ripper should support all popular versions of Windows like Windows 10, 8, 7, Vista, and XP. I have only used it on XP and 7, but by the same general theory as 7, it should work on 8 and 10.

    Windows Password Recovery Tools Aren't Necessary if You're Proactive!

    These Windows password recovery tools are great if you need them, but there's a much easier way to access your account if you forget your password - a password reset disk! A password reset disk is a special disk you can insert in your PC during the logon process that will allow you to change your Windows password without knowing your current password. You will need to create this disk before you lose access to your account! Mind you, the "disk" can now be a USB memory key. A super cheap 1GB USB memory key is really all you need.

    Blog Entry, EDUCATION, Hacking