Category Archives: security

Thousands of e-commerce websites infected with “MagentoCore” malware that skims payment details

“MagentoCore” Malware Infects Thousands of E-Commerce Websites Worldwide

It has been revealed that thousands of e-commerce stores across the globe have been running, though unwittingly, a dangerous malware that skims payment details. Reports suggest that this malware, which has been stealing payment details of thousands of users worldwide, has been infecting as many as 50 new stores each day.

Willem de Groot, a prominent Dutch security blogger and researcher, uncovered the infections; he named the malware ‘MagentoCore’ because it infects the popular e-commerce software Magento.

In his blog, Willem de Groot has written a post on the malware; de Groot says, “Online skimming – your identity and card are stolen while you shop – has been around for a few years, but no campaign has been so prolific as the MagentoCore.net skimmer. In the last 6 months, the group has turned 7339 individual stores into zombie money machines, to the benefit of their illustrious masters.”

He adds, “The average recovery time is a few weeks, but at least 1450 stores have hosted the MagentoCore.net parasite during the full past 6 months.”

Based on his daily scans, de Groot reported that new brands were being hijacked at a pace of 50 to 60 stores per day over the two weeks immediately preceding his blog post (dated August 31, 2018). He also points out that although the hackers have targeted multi-million dollar, publicly traded companies, the customers are the real victims, since it’s their card details and identities that get stolen and may be misused as well.

The MagentoCore malware mostly infects an e-commerce website through brute-force techniques, for example by automatically trying lots of passwords, sometimes for months. Once this succeeds, an embedded piece of JavaScript is added to the website’s HTML template, after which all keystrokes from customers on the website are recorded. The recorded data is sent, in real time, to the hacker’s main server, which, according to de Groot, is “registered in Moscow”. In this way all personal details about customers (usernames, passwords, credit card data, etc.) are stolen.

Willem de Groot adds, “The malware includes a recovery mechanism as well. In case of the Magento software, it adds a backdoor to cron.php. That will periodically download malicious code, and, after running, delete itself, so no traces are left.”

How to deal with an infection…

Any e-commerce store that has detected the presence of a skimmer should focus on doing the following things, as per Willem de Groot:

  • Finding out how the hackers had gained their entry into the system. It needs to be found out if any of the staff computers is infected. This can be done by analyzing back-end logs and correlating with staff IPs and their working hours. Suspicious activities, if any, could help identify the system that has been infected or the session that the hacker has hijacked.
  • Finding the backdoors and the unauthorized changes in the store’s codebase.
  • Closing or blocking all the means that the hackers have used for unauthorized access.
  • Removing the skimmer, backdoors and other code and then reverting to a certified safe copy of the codebase, if that’s possible. (Willem de Groot says, “Malware is often hidden in default HTML header/footers, but also in minimized, static Javascript files, hidden in deep in the codebase. You should check all HTML/JS assets that are loaded during the checkout process.”)
  • Implementing strong security procedures to prevent future infections.
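
The first step in the list above (analyzing back-end logs and correlating them with staff IPs and working hours) can be scripted. The Python below is an added example, not code from de Groot's post; the log format (Apache/nginx "combined"), the `/admin` back-end path, the staff network and the office hours are all assumptions to replace with your store's real values.

```python
import re
from datetime import datetime, time
from ipaddress import ip_address, ip_network

# Assumptions (not from the article): combined-format access logs, a back end
# under /admin, and the staff network and office hours below.
ADMIN_PREFIX = "/admin"
STAFF_NETWORKS = [ip_network("203.0.113.0/28")]
WORK_DAYS = {0, 1, 2, 3, 4}                      # Monday..Friday
WORK_START, WORK_END = time(8, 0), time(18, 0)   # in the log's own time zone

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample log lines (documentation IP ranges, made-up paths).
SAMPLE_LOG = """\
203.0.113.5 - - [27/Aug/2018:10:14:02 +0200] "POST /admin/index/login HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.5 - - [28/Aug/2018:02:41:17 +0200] "POST /admin/cms_block/save HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.77 - - [28/Aug/2018:11:05:40 +0200] "POST /admin/system_config/save HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.77 - - [28/Aug/2018:11:06:01 +0200] "GET /checkout/cart HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
this line is not a log entry
"""


def parse_line(line):
    """Return a dict for one combined-format line, or None if it does not parse."""
    m = LINE_RE.match(line)
    if not m:
        return None
    try:
        ip = ip_address(m["ip"])
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    except ValueError:
        return None
    return {"ip": ip, "ts": ts, "method": m["method"],
            "path": m["path"], "status": int(m["status"])}


def review_admin_activity(log_text):
    """Flag back-end requests from non-staff IPs or outside working hours.

    Returns (findings, unparsed_count). Each finding is a tuple of
    (line number, client IP, ISO timestamp, path, list of reasons).
    """
    findings, unparsed = [], 0
    for lineno, line in enumerate(log_text.splitlines(), 1):
        if not line.strip():
            continue
        entry = parse_line(line)
        if entry is None:
            unparsed += 1          # never silently drop lines during forensics
            continue
        if not entry["path"].startswith(ADMIN_PREFIX):
            continue               # storefront traffic is out of scope here
        reasons = []
        if not any(entry["ip"] in net for net in STAFF_NETWORKS):
            reasons.append("non-staff IP")
        ts = entry["ts"]
        in_hours = (ts.weekday() in WORK_DAYS
                    and WORK_START <= ts.time() < WORK_END)
        if not in_hours:
            reasons.append("outside working hours")
        if reasons:
            findings.append((lineno, str(entry["ip"]), ts.isoformat(),
                             entry["path"], reasons))
    return findings, unparsed


if __name__ == "__main__":
    findings, unparsed = review_admin_activity(SAMPLE_LOG)
    for lineno, ip, when, path, reasons in findings:
        print(f"line {lineno}: {ip} {when} {path} -> {', '.join(reasons)}")
    print(f"{unparsed} line(s) could not be parsed")
```

A staff IP active at an unusual hour points at an infected staff computer or a hijacked session; a non-staff IP reaching the back end points at stolen or brute-forced credentials.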

E-commerce companies that don’t have much experience with forensic analysis can also hire the services of a professional.

Strong passwords, regular patching help prevent infection

Having strong passwords, effective password management and regular patching would definitely go a long way in preventing infection. This applies not just to the ‘MagentoCore’ malware, but to all malware infections in general.

Passwords need to be strong, with a mix of capital and small letters, numbers and non-alphanumerical characters. The passwords need to be changed regularly as well.

E-commerce businesses must have a stringent patching schedule, with patching being done at least once a week. The patching frequency needs to increase if any business is operating active online environments, like e-commerce stores.

It’s always to be remembered that cybercriminals are on the lookout for unpatched websites that may contain security vulnerabilities.

Beware of what you save in web browsers

Passwords are a double-edged sword. If you make them too simple, they’ll be easy to guess; if you make them too complex, they’ll be impossible to remember. One solution is to create an uncrackable password and save it to your browser. Unfortunately, recent research suggests that tactic could drastically reduce your privacy.

 

Why auto-fill passwords are so dangerous

In 2015, the average internet user had 90 online accounts, a number that has undoubtedly grown since then. This has forced users to create dozens of passwords, sometimes because they want to practice healthy security habits and other times because the platforms they’re using have different password requirements.

Web browsers and password manager applications addressed this account overload by allowing usernames and passwords to be automatically entered into a web form, eliminating the need for users to hunt down the right credentials before logging in.

The process of tricking a browser or password manager into giving up this saved information is incredibly simple. All it takes is an invisible form placed on a compromised webpage to collect users’ login information without them knowing.

 

Using auto-fill to track users

Stealing passwords with this strategy has been a tug-of-war between hackers and security professionals for over a decade. However, it has recently come to light that digital marketers are also using this tactic to track users.

Two groups, AdThink and OnAudience, have been placing these invisible login forms on websites as a way to track which sites users visit. These marketers made no attempts to steal passwords, but security professionals said it wouldn’t have been hard to accomplish. AdThink and OnAudience simply tracked people based on the usernames in hidden auto-fill forms and sold that information to advertisers.

 

One simple security tip for today

Turn off auto-fill in your web browser. It’s quick, easy, and will go a long way toward improving your account security.

  • If you use Chrome – Open the Settings window, click Advanced, and select the appropriate settings under Manage Passwords
  • If you use Firefox – Open the Options window, click Privacy, and under the History heading select “Firefox will: Use custom settings for history.” In the new window, disable “Remember search and form history.”
  • If you use Safari – Open the Preferences window, select the Auto-fill tab, and turn off all the features related to usernames and passwords.

This is just one small thing you can do to keep your accounts and the information they contain safe.

Source: techadvisory.org

 

Phishing alert: scammers now use encryption

When you visit an encrypted website, the connection between the source of the web page and your browser is secure. Encryption ensures users’ browsing habits are safe from hackers’ prying eyes, but phishing scammers have found a way to adopt it for their own schemes.

 

How hackers use encryption to carry out phishing scams

According to recent research, 24% of phishing scams in 2017 used web encryption — an astounding increase from last year’s 3%. This means more HTTPS sites may not be truly safe.

Phishing scammers rely on their victims to do what they ask, which is why it’s so effective. And with this new trick, unsuspecting users are more likely to be deceived. What makes this encryption-aided scam even more effective — and dangerous — is that it makes hackers’ phishing email or text that much more authentic-looking.

For example, if you receive an email that purports to be from Amazon and includes a link to an encrypted site, there’s now a slightly higher chance you’d believe this email is the real deal. Clearly, if you’ve never purchased anything from Amazon, you’d know that this is a fake. But then again, there are millions of Amazon customers who could be misled into thinking that that email is legitimate.

 

Does encryption mean a safer internet?

With organizations like the Internet Security Research Group and Google promoting encryption, the world wide web should be a safer place, but that’s not necessarily the case. In fact, encrypting more legitimate websites could simply result in an increased number of encrypted phishing sites.

It may also be useful to know that not all phishing sites use encryption. Many phishing scams are still carried out using websites that may or may not be encrypted.

 

What you can do to ensure safety

This isn’t meant to cause panic, and despite this new phishing tactic, encryption is still an essential security tool that every business must implement.

Websites with HTTPS are still much safer than unencrypted ones. This is why it’s more important than ever to be vigilant when visiting suspicious sites and clicking on links. If you receive an email from PayPal asking you to verify your bank account details or password to a seemingly secure link, be wary. Some phishing scams are easy to detect, but some are not.

Practice extreme caution when responding to requests for sensitive data. Consider the source of the message, think before clicking, and don’t hesitate to seek the advice of an expert in case you have doubts. Phishers succeed only if you do what they ask you to do.

source: techadvisory.org

 

Chrome Cleanup tool’s enhanced features

Even if you’re sure that the websites you visit are safe, harmful software can still slip through, especially when you download and install free programs and applications. As the world’s most popular browser, Chrome is especially prone to infection. Fortunately, Google has improved Chrome’s Cleanup tool for Windows by integrating the following security features.

 

Detect hijacked settings

Many users prefer to enhance their browsing experience by installing extensions or plug-ins, some of which could be malicious. When these extensions are installed, they could inject harmful ads into web pages or allow access to third-party servers without the user’s consent.

Google’s new hijacked settings detection function prevents this from happening. Once it detects an attempt by a third party to change your browser’s settings, it will automatically revert to Chrome’s default settings. And in case you suspect any unauthorized change in your browser, you can manually reset settings in Chrome.

 

Simplify cleanup

You probably don’t remember downloading many of the files in your Downloads folder, but these are actually software and other attachments that were bundled with the software that you do use.

Chrome Cleanup’s newly simplified feature makes it easier for you to identify harmful files, easing the pain of sorting through and deleting tons of downloaded files. Whenever it detects malicious software, users will get a pop-up message that offers them an easy way to remove the potential threat, get more details about it, or disregard it in case of false detection.

 

Maximize removal of non-essential software

Aside from the simplified interface, Google also made some much-needed improvements in Chrome Cleanup’s performance, so it’s now capable of eliminating more junkware.

Tricking users into installing a program without their consent is one of the many characteristics of unwanted software that Google lists under its Unwanted Software Policy. To help fight against this and other browser security risks, the company has partnered with an IT security team to strengthen Chrome’s ability to detect and remove unwelcome add-ons.

It’s important to note that these upgrades don’t affect Chrome’s performance and speed because they work in the background. In addition, these changes are now available in Windows devices but will soon roll out to other platforms. In the meantime, if you want to find out more about browser and application security, contact our security specialists today!

Source: TechAdvisory.org

 

PRECAUTIONS THAT EVERY COMPUTER USER SHOULD IMPLEMENT

HERE ARE SOME PRECAUTIONS THAT EVERY COMPUTER USER SHOULD IMPLEMENT INTO THEIR COMPUTER SECURITY

 

  • Make routine or schedule antivirus scans.

It’s very important to run a regular full virus scan of your Windows computer system once a week. Doing this will detect and pick up any PUPs (potentially unwanted programs), viruses, malware, worms, spyware, or any other threats that may have dropped onto the system.

 

  • Keep your virus definitions up-to-date.

This is a very important step: you want to make sure the latest virus definitions and software updates are installed automatically. Another common mistake is letting your subscription to paid antivirus software run out, which means you can’t update to the latest virus definitions.

 

  • Keep Windows up-to-date.

Keeping your Windows operating system up to date with security patches and service packs is very important, as this can block security holes in your operating system. Never use pirated or cracked software. These can be packed with backdoor Trojans.

 

  • E-mail spam blocking or filtering.

A lot of junk or spam e-mail is harmless most of the time. But there is a nasty type of e-mail that uses phishing tactics to try to convince you that you have won a prize, that you’re entitled to a refund, that you have a parcel waiting for delivery, or that your bank needs you to update your banking details. This, of course, is a scam, and the senders are trying to con you out of your money. The e-mail messages can contain viruses or worms, which can install a backdoor in your computer system to exploit your network and steal your sensitive personal data and the login details for your bank. Using software like MailWasher can help stop email spam.

 

  • Here are some simple tips to keep the computer secure:

  1. Never click on hyperlinks in your e-mail
  2. Never open attachments from a stranger or unknown source.
  3. Look for Typos and Poor Grammar.
  4. Scam emails use the greeting “Dear Customer”. This is a fake email; your bank would use your full name.
  5. Phishing emails will request personal information from you, such as your bank account information, mother’s maiden name, passwords, secret question and answer, etc. Your bank will never ask for this information in an email or ask you to perform security-related changes to your bank account details in an email.
  6. Never use a public computer, such as one in a cyber café, or a public wireless connection to do online banking, because your personal information could be stored on the computer and retrieved at a later date by a cyber-criminal or hacker.
  7. Always use strong passwords and change them regularly. Use at least 10 to 15 characters with capital letters and lower-case letters, also use a mixture of numbers and special characters. (example 8oB_S@m#$xX-)
  8. Avoid passwords that contain birth dates, family names, pet names, or football teams; these can be easily socially engineered from you.
  9. Never store sensitive information on your computer.
  10. Never let a stranger remote into your computer.
  11. Use password encryption software like LastPass.
  12. Never use file-sharing websites with a bad reputation, peer-to-peer (P2P) networks or torrent sites. If you are going to download freeware or any other type of content from the internet, make sure it’s from a reliable source. Pirated software and cracks contain viruses, malware, Trojans, rootkits, spyware, and worms. These can lie hidden on the computer system, undetected by the average user.

That’s it. Hope this article helps you out. Please share with friends and family.

 

 

Beware of sneaky Microsoft Office malware

 

Cybersecurity systems are getting better at identifying and preventing attacks coming from all directions. At the same time, hackers are coming up with new ways to bypass these systems. While online scams are the most common ways to do this, cybercriminals have discovered a new attack method using Microsoft Office.

 

What’s the new Office threat?

The Office exploit takes advantage of Microsoft’s Dynamic Data Exchange (DDE), a protocol that sends messages and data between applications. For example, DDE can be used to automatically update a table in a Word document with data collected in an Excel spreadsheet.

The problem with this is that hackers can create DDE-enabled documents that link to malicious sources rather than to other Office apps. Theoretically, this allows hackers to launch scripts that download Trojan viruses from the internet and execute them before the user is even aware of the attack.

And unlike most malware-embedded Office files, which are usually blocked by security protocols from Microsoft, DDE exploits are instant. Once a compromised Word file is opened, it automatically executes the hack.

 

Outlook at risk

What’s even more alarming are the DDE vulnerabilities in Outlook. Recent reports found that hackers can embed malicious code in the body of an email or calendar invite, allowing them to perform phishing scams without a file attachment.

Fortunately, Outlook DDE attacks are not as automated as Word or Excel DDE attacks. Two dialog boxes will usually appear when you open the email asking if you want to update a document with data from linked files and start a specific application. Simply clicking ‘No’ on either of these boxes will stop the attack from executing.

 

Defending against DDE attacks

Beyond saying no, you can protect yourself by following these security best practices:

  • Evaluate the authenticity of unsolicited emails before interacting with them and don’t open attachments from unfamiliar contacts.
  • View emails in plain text format to completely stop DDE attacks embedded directly in emails from running. Note that this will also disable all original formatting, colors, images, and buttons.
  • Use a strong email security system that prevents phishing emails, spam, and other unwanted messages from reaching your inbox.
  • Get in the habit of checking for Microsoft updates, as they’re usually quick to release patches after vulnerabilities have been discovered.

Last but not least, consider working with our team. We’re Microsoft Office experts who can keep you safe from the latest threats. Call us today to get started!

source: TechAdvisory.org

 

Top productivity hacks for computer users

     

We’re all obsessed with finding new ways to become more productive. Business gurus often emphasize the importance of time management and taking breaks to avoid burnout. But aside from motivating yourself to work more efficiently, there are plenty of tools that increase your daily output. If you use a computer all day, check out these productivity hacks.

Monitor productivity levels

Start by tracking how much work you complete on an average day. Google Chrome Extensions like RescueTime record your most frequently visited sites, and track how much time you spend away from your computer. Running the app will provide you with a productivity rating and a detailed log of how you spend an average day.

If you find out you’re wasting a huge portion of your time on social networking, you’re more likely to make conscious adjustments on how you manage your time.

Get rid of clutter

Another way to increase output is by deleting old files, uninstalling unused programs, and organizing documents into appropriately labeled folders. This makes your work easier to find and improves your computer’s performance.

As for the clutter in your email inbox, Gmail and Outlook both have features that filter out unimportant messages. Simply enable Priority Inbox on Gmail or Clutter in Outlook to get a clean, spam-free inbox.

Block time-wasting sites

Visiting non-work-related websites is a surefire way to hinder productivity. A quick, five-minute break to check your Facebook feed or watch a YouTube clip may not seem like much, but a few of those per day add up to a lot of time.

If you and your employees have trouble staying away from sites like Facebook, Instagram, and Twitter, it’s a good idea to block access to them using URL filters.

Of course, if you want your employees to take occasional breaks during the day, you could use apps like StayFocusd or Strict Workflow. These allow you to set a limit on how long and how many times users can visit non-work-related sites.

Stay on track with to-do lists

To-do lists help you break down large projects into manageable, bite-sized tasks. And perhaps the most satisfying aspect is crossing things off the list, giving you and your employees a sense of accomplishment and total visibility of your progress.

There are a wide variety of digital to-do lists available today like Google Tasks or Trello. These platforms allow you to set deadlines for small tasks and write clear instructions for each item on the list. What’s more, they’re incredibly easy to use and are great for keeping track of your workflow.

Use keyboard shortcuts

Last but not least, mastering keyboard shortcuts will make it easier to perform simple functions than if you’re stuck looking for them in the toolbar. There are more than a hundred useful shortcuts, but some that you should always keep in mind are:

    • Ctrl + C, Ctrl + V, Ctrl + X – to copy, paste, and cut selected items
    • Ctrl + Z – to undo changes
    • Ctrl + T – to open a new tab on your web browser
    • Alt + Tab – to switch between open windows
    • Alt + F4 – to close the program

For much more like these, take a look at Windows’ list of advanced shortcuts.

These are just some of the tips every user should know to stay productive.

source: TechAdvisory.org

 

Watch out for the huge KRACK in WiFi security!

A fundamental flaw with WiFi networks has recently been discovered by two security researchers. According to their reports, the KRACK vulnerability renders advanced encryption protocols useless and affects nearly every wireless device. Read on to find out more about KRACK hacks and how you can defend against them.

What is KRACK?

Simply put, KRACK, short for ‘key reinstallation attack,’ allows hackers to bypass WPA2 — a security protocol used by routers and devices to encrypt activity — and intercept sensitive data passing between the mobile device and the wireless router, including login details, credit card numbers, private emails, and photos.

In extreme cases, KRACKed devices can be remotely controlled. For example, hackers can log in to your surveillance systems and shut them down.

What’s worse, Internet of Things devices — like smart thermostats and IP cameras — rarely receive security fixes, and even if some are available, applying patches is difficult, as these devices tend to have complex user interfaces.

The good news, however, is you can do several things to mitigate the risks.

Download patches immediately

According to recent reports, security patches have already been released for major platforms, including iOS, Windows, and Android. Router manufacturers such as Ubiquiti, Mikrotik, Meraki, and Fortinet have also issued firmware updates, so make sure to install them as soon as possible.

Although IoT patches are rare, consider getting your smart devices from reputable vendors that push out updates regularly. It’s also a good idea to contact a managed services provider to install the updates for you.

Use Ethernet connections

Some wireless routers don’t yet have a security patch, so while you’re waiting, use an Ethernet cable and disable your router’s wireless setting. Turn off the WiFi on your devices as well to make sure you’re not connecting to networks susceptible to KRACK.

Stay off public networks

Free public WiFi networks — even ones that are password-protected — in your local cafe should also be avoided because they usually don’t have holistic security measures in place, making them easy targets for cybercriminals.

Connect to HTTPS websites

If you do need to connect to a public WiFi hotspot, visit websites that start with “HTTPS,” and stay away from ones that are prefaced with “HTTP.” This is because HTTPS websites encrypt all traffic between your browser and the website, regardless of whether the connection is vulnerable to KRACK.

Hop on a Virtual Private Network (VPN)

You can also use a VPN service to hide all network activity. Simply put, VPNs encrypt your internet connection so that all the data you’re transmitting is safe from prying eyes.

Although the potential impact of a KRACK hack is devastating, security awareness and top-notch support are the best ways to stay safe online. Want more security tips? Contact us today.

source: TechAdvisory.org

 

How to set up a secured Wi-Fi for your guests

• Never give guests access to your primary Wi-Fi

While giving guests the password to your company’s main Wi-Fi might be the easiest way to get them connected, you should avoid this at all costs.
Anyone with a little technical know-how can potentially access everything on your company network, including confidential data. Not to mention, guests’ devices connected to your business network increase the risk of a malware infection or cyber attack since you can never be sure that they’re safe and secure.

• Ways to create secondary Wi-Fi for guests

If your router has built-in guest Wi-Fi support (you can check this feature through a quick web search) you could use it to create a separate “virtual” network. This means guests will have access to the internet without connecting to your main company network.
If your router doesn’t support multiple Wi-Fi networks, you can implement a separate wireless access point that bypasses the rest of your network and connects directly to your Internet service provider (ISP) connection.
Both options will keep your guests’ connectivity separate from your company network so you’ll never have to worry about unauthorized persons accessing your company data.
Keep in mind that guest Wi-Fi still uses your ISP connection so you should limit bandwidth usage on your guest network. The last thing you want is a guest streaming videos that slow down the Internet for your employees. With that in mind, you can even have your employees use guest Wi-Fi for their personal devices too. This minimizes the chance of employees hogging company bandwidth for personal use.
Your guest Wi-Fi should only provide outsiders with internet access, nothing more. While the proper setup isn’t rocket science, it can be a tedious process. Having said that, if you need a team of experts to take care of it all for you, or simply have questions about how else to leverage your hardware for better efficiency and security, just give us a call.

source: TechAdvisory.org