Business Intelligence & IT Solutions LLC http://www.biitsllc.com Tue, 17 Oct 2017 15:53:49 +0000

New WiFi Issue Could Affect Millions Of Users And Devices
http://www.biitsllc.com/2017/10/17/new-wifi-issue-could-affect-millions-of-users-and-devices/
Tue, 17 Oct 2017 15:00:00 +0000

Security researchers have found a new critical security flaw dubbed “Krack” (Key Reinstallation Attacks) that affects literally every WiFi router and smart phone in use today. The reason? The security flaw resides in the WiFi standard itself, rather than in a third-party product.

In addition to being vast in scope and scale, Krack is a particularly nasty, versatile flaw, allowing hackers to intercept credit card numbers, passwords, photos and a whole host of sensitive personal information.

It works like this: A hacker finds a vulnerable WPA2 network, and then makes an exact copy of it, including impersonating the MAC address. This clone then serves as a “man in the middle,” allowing the hacker who controls it to intercept everything passing through it.

WPA2 encryption requires a unique key to encrypt each block of plain text, but because Krack attacks make a copy that’s indistinguishable from the original, they’re able to use the same encryption key.

As bad as that is, it gets worse for Android and Linux users. Thanks to a bug in the WPA2 standard, these devices don’t force the client to demand a unique encryption key with each use. Instead, they allow the key to be “zeroed out,” literally creating an encryption key containing all zeroes, which interferes with a key part of the handshake process.

In addition to that, hackers can deploy specialized scripts that can cause the connection to bypass HTTPS, which leaves passwords and other normally protected data exposed.

If there’s a silver lining, it is that the attack can’t be used to target routers directly, but honestly, that’s not much of a silver lining, because the potential damage this new vector could cause is virtually without limit.

Unfortunately, until a patch is released, there’s not much you can do, short of turning off WiFi altogether. This may work for smartphone users, but it is simply impractical for routers.

There’s some good news, though. The fix should be relatively easy to implement, although no ETA has been given at this point.

Used with permission from Article Aggregator

Microsoft Drops Groove Music Pass Sending Customers To Spotify
http://www.biitsllc.com/2017/10/16/microsoft-drops-groove-music-pass-sending-customers-to-spotify/
Mon, 16 Oct 2017 15:00:00 +0000

Groove Music has had a short, troubled life.

It started out as Zune Music, but Microsoft bought it in 2012, promptly rebranding it as Xbox Music before changing its name again to Groove. Now, the company has decided to get out of the music business altogether, and is sending all of its paying customers over to Spotify.

The idea behind Groove Music was a pretty solid one. When Windows 10 was rolled out, it included a new music player called Groove, and the music service was to tie into this new platform, allowing users to play either locally stored music files or subscribe to a streaming service, switching between the two seamlessly.

Groove Music Pass was the name given to the subscription service that allowed users to stream music via desktops, mobile devices and gaming consoles.

Although no detailed explanation was given, it seems clear that the service didn’t turn out to be the financial boon that Microsoft first imagined it to be. So, as part of the company’s next Patch Tuesday rollout, all Groove Music Pass customers will receive a notification and instructions on how to move their music collection over to Spotify.

Note, however, that the Groove music player itself lives on, and you’ll still be able to use it to play locally stored music files.

The bottom line is that if you’re a Groove Music Pass user, this may actually be good news. Spotify is an excellent service with a broader selection than that which was available on Microsoft’s service. They’ve been in the business longer and are obviously committed to remaining one of the industry’s top players, so the opportunity to switch, while it does carry some initial overhead and annoyance, is almost certain to be well worth it in the long run.

ATMs Continue To Be Huge Target For Hackers
http://www.biitsllc.com/2017/10/14/atms-continue-to-be-huge-target-for-hackers/
Sat, 14 Oct 2017 15:00:00 +0000

Hackers are the new bank robbers in a very literal sense. Increasingly, hackers have taken to infiltrating bank networks specifically for the purpose of infecting ATMs attached to their network with malicious code that makes stealing from them a snap.

Once the malware has been installed on a target machine, a lower level member of the hacker’s organization can simply walk up and activate the code via a pre-defined numeric sequence, causing it to spit out money.

All the low-level hacker has to do is pocket it, take it back to HQ, and divide the spoils.

It gets even better from the hacker’s point of view, though. The same malware that can be triggered to launch the “Cash Out” style attack described above can also collect debit card information from anyone who uses the machine, enabling them to double dip, stealing not just from the bank, but also from a growing collection of its customers.

Considering the extreme risks involved with “Old School” bank robbing, this is a pretty attractive option, and it’s not at all hard to see why hackers have been increasingly drawn to it.

Thus far, attacks like these have been seen in the Far East, but haven’t yet made their way to Europe or America in any significant way. Given their level of success, however, it’s just a matter of time before we start seeing similar attacks here.

So far, the largest attack of this type occurred in Taiwan, in July 2016, when a group of hackers orchestrated a highly coordinated attack that struck 41 different ATMs and saw the group make off with a hefty $2.7 million in cash.

Again, this is small potatoes compared to some other, more mainstream attacks. Take the malware Carbanak, for instance, which has been tied to bank thefts totaling more than $1 billion in a combination of fraudulent wire transfers and ATM attacks. Even so, the trend is a growing one, and it’s all but inevitable that we’ll start seeing them in the US, probably sooner rather than later.

Equifax Announces Another 2+ Million Were Affected By Breach
http://www.biitsllc.com/2017/10/13/equifax-announces-another-2-million-were-affected-by-breach/
Fri, 13 Oct 2017 15:00:00 +0000

Equifax’s problems just keep getting worse.

Not long ago, the company suffered a major data breach that ultimately resulted in the CEO stepping down and a painful congressional grilling. Initial estimates placed the number of impacted users at some 143 million, but as the investigation has continued, it turns out that the numbers are even higher than initially feared. Based on the forensic team’s final report, as many as 145.5 million users were impacted.

In our modern society, there are many who would argue that your credit score is as important as, if not more important than, your social security number. To arrive at your score, the “Big Three” credit reporting agencies necessarily have to collect a large amount of sensitive information about people, so when they suffer from a breach, it’s bad, and in Equifax’s case, it just keeps getting worse.

Based on the latest information, the compromised data included names, social security numbers, birthdays, and addresses. If that wasn’t bad enough, some 200,000 customers saw their credit card information exposed, along with an unknown number of electronic documents containing PII.

Most of the impacted customers live in the United States, but approximately 80,000 were Canadians.

To put these numbers in full context, Equifax maintains files on more than 800 million people around the world, along with more than 90 million businesses, so the breach, while catastrophic in size, wasn’t nearly as bad as it could have been.

That’s small consolation to the millions who have been impacted, but it’s important to understand that as bad as the breach was, it was quite far from the worst case scenario.

In the aftermath of the breach, the company has come under fire by the US Government, which has charged that the company actually stands to profit from it by selling a credit monitoring service after giving impacted consumers one year free.

In light of the recent congressional hearings on the matter, the future of that program is unclear, but this breach, and its root cause (an unpatched Apache Struts 2 vulnerability), serve to underscore how easy it is for even big multinational companies to fall victim to a determined hacker.

Whole Foods Reports Credit Card Breach
http://www.biitsllc.com/2017/10/12/whole-foods-reports-credit-card-breach/
Thu, 12 Oct 2017 15:00:00 +0000

It seems that hardly a week goes by that we don’t hear about another high-profile data breach. This time in the hot seat, we find Amazon-owned Whole Foods. Specifically, we find Whole Foods Market locations. The company is reporting that hackers were able to gain unauthorized access to credit card information at an undisclosed number of its stores in the US, the UK and Canada.

So far, the company has not released details relating to which stores were impacted, only that POS terminals were targeted, and that some customer credit and debit card data was compromised, though a company spokesperson did stress that the breach did not allow the hackers to access Amazon.com purchase information.

Whole Foods has called in an outside firm to help it investigate the breach, is working with law enforcement agencies and has posted a brief notice on their website.

The company encourages anyone who has shopped at Whole Foods Market to monitor their credit card statements closely to make sure there’s been no unauthorized activity.

As corporate responses go, Whole Foods’ has been less than perfect. So far, the company has not released any details about the exact number of stores impacted, where they were, and how many customers have been affected.

Further, to this point, there’s no indication that the company has made any attempt to reach out to the impacted customers and notify them, or offer them any form of free credit monitoring or related services. Although, to be fair, the situation is still unfolding and the company may take these actions at some point down the road.

The situation is still quite fluid, and if and as additional information becomes available, we’ll have more to say about this. For the time being, the important takeaway is that if you’ve shopped at Whole Foods Market, keep a close watch on your credit or debit card. It may have been compromised.

New Malware Can Infect Computers, Even With Windows Defender
http://www.biitsllc.com/2017/10/11/new-malware-can-infect-computers-even-with-windows-defender/
Wed, 11 Oct 2017 15:00:00 +0000

Researchers at the security firm CyberArk have discovered a new attack vector they’ve dubbed “Illusion Gap.” While it’s somewhat tricky for a hacker to implement, when it works, it can be devastatingly effective, completely bypassing Windows Defender, which is security software that comes pre-loaded on all Windows-based computers.

To successfully execute the attack, the hacker relies on a combination of social engineering tricks and the use of a rogue SMB server. Thanks to the way Windows Defender scans files stored on an SMB share, if he can convince a user to execute a poisoned file hosted on a malicious server, then Windows Defender can be bypassed completely.

This is actually not as difficult as it may first appear. Often, simply presenting the user with a shortcut to the poisoned file is sufficient, and the moment that a user double clicks the shortcut, the damage is done.

Windows Defender does try, because before the file is executed, it requests a copy for scanning purposes, but the hackers can simply substitute a clean copy of the file to hand off to Windows Defender, tricking it into thinking that there’s no problem. That done, the poisoned file executes and can inject whatever code the hacker likes into the target system.

Unfortunately, Microsoft does not view this as a security issue at all. CyberArk contacted Microsoft when they discovered the flaw, and received the following as a response from the company:

“Thanks for your email. Based on your report, successful attack requires a user to run/trust content from an untrusted SMB share backed by a custom server that can change its behavior depending on the access pattern. This doesn’t seem to be a security issue but a feature request which I have forwarded to the engineering group.

Thanks again for reporting security issues to Microsoft responsibly and we appreciate your effort in doing so.”

All that is to say, where Illusion Gap is concerned, you’re on your own, at least for the time being. Be very careful when you click on any file hosted on an SMB server, or any shortcuts to them.

MAC Computers Are Still Suffering From EFI Hack
http://www.biitsllc.com/2017/10/10/mac-computers-are-still-suffering-from-efi-hack/
Tue, 10 Oct 2017 15:00:00 +0000

One of the first, best pieces of advice computer owners get is to always keep their operating system up to date. It’s sound advice, because OS manufacturers generally do a good job of responding to new attack vectors and releasing security patches designed to make sure that hackers don’t have an easy time breaking into your system.

Mac users, though, face a slightly different problem. It’s one that can’t be solved by something as simple as keeping their OS current.

The issue lies with EFI, which stands for Extensible Firmware Interface. This technology was designed by Intel, not Apple, and it is the bit of code that runs before the Apple OS boots up and takes over. Unfortunately, any code, firmware included, can contain flaws and security vulnerabilities, and in the case of EFI, hackers have found a way in that bypasses Apple’s normally robust security measures.

By injecting malicious code prior to the OS taking the reins, hackers have been able to quietly infect a surprising number of Mac machines, and because the firmware isn’t part of the OS proper, none of Apple’s security updates touch it.

It’s certainly possible for the company to push firmware updates, but these are handled differently than OS security patches, and as such, not all users get them. Even if they get a notification, they may not install the update.

In fact, recent research by the security company “Duo Labs” analyzed more than 73,000 Macs and found that 4.2 percent of them were running firmware versions with known vulnerabilities.

This is a problem badly in need of a robust solution. Users have been conditioned to install OS security updates, but rarely think about the firmware that controls the initial boot process, and as such, have a blind spot for the dangers that outdated firmware represents.

So far, Apple has shown surprisingly little interest in offering a more reliable firmware update solution, so if you use Mac computers in your home or office, for the time being at least, it falls to you to be sure that you’re updating not just the OS that drives your machine, but the firmware that your OS relies on.

Hackers Infiltrate Deloitte Accounting Firm
http://www.biitsllc.com/2017/10/09/hackers-infiltrate-deloitte-accounting-firm/
Mon, 09 Oct 2017 15:00:00 +0000

Deloitte is not exactly a household name. In fact, unless you use the company’s services, you may not have ever heard of them, even though they’re one of the largest accounting firms in the world.

The company has the distinction of having been named the best cybersecurity consultant company in the world in 2012, and yet, even with that distinction, the company fell victim to a hacking attack that saw their core systems breached.

Company officials became aware of the breach in March, but took great pains to keep their investigation, and details of the matter, a closely guarded secret as they monitored the activity of the hackers and worked quietly to solve the problem.

That investigation revealed that the hackers were able to gain access to the company’s data via an email server, all because the admin whose account was compromised had failed to use two-factor authentication, meaning all the hackers had to do to gain access was to acquire a single password. They did so, and the rest is, as they say, history.

Over the span of months that the hacker was active, he was able to gain access to a broad spectrum of information relating to a number of the company’s larger clients, including user names, passwords, IP addresses, health information and architectural diagrams.

So far, six of Deloitte’s clients have been informed of the breach and the potential impact to them. In one of the few public statements made about the matter, a company spokesman reported the following:

• A comprehensive security review has been performed and completed, utilizing assets both inside the company and from third party vendors
• All impacted clients and the appropriate government officials have been contacted
• No disruption to any client’s business has occurred as a result of the breach

As you can see, then, the company has opted for a tight-lipped approach when it comes to releasing details about the breach. This may well work in their specific case, but it is probably not a model to base your own company’s response on in the aftermath of a successful hacking attack.

Google Personal Data Requests Are On The Rise
http://www.biitsllc.com/2017/10/07/google-personal-data-requests-are-on-the-rise/
Sat, 07 Oct 2017 15:00:00 +0000

Google’s latest Transparency Report is out, and the results have raised concerns with privacy advocates from around the world.

This time last year, Google received 44,943 requests relating to 76,713 user accounts from governments around the world. This year’s figures have increased to 48,941 requests relating to 83,345 accounts. The company acceded to 65 percent of requests made.

The US government was, predictably, the biggest requestor, with the German, British and French governments also featured prominently.

Note that these figures specifically do not include FISA (Foreign Intelligence Surveillance Act) requests, as such requests are subject to a six-month reporting delay.

Of interest, a key component of FISA is set to expire at the end of 2017, and Google is working with Congress to try and pass a reform that will improve netizens’ privacy protections.

The core argument is that processing requests from foreign governments is too slow, and could be replaced by an update to the US Electronic Communications Privacy Act (ECPA). According to Richard Salgado, Google’s Director of Law Enforcement and Information Security:

“ECPA should also be updated to enable countries that commit to baseline privacy, due process, and human rights principles to make direct requests to US providers.

Providing a pathway for such countries to obtain electronic evidence directly from service providers in other jurisdictions will remove incentives for the unilateral, extraterritorial assertion of a country’s laws, data localization proposals, aggressive expansion of government access authorities and dangerous investigative techniques. These measures ultimately weaken privacy, due process, and human rights standards.”

It's too soon to say whether Google’s efforts will bear fruit, but if they do, it would be a big step in the right direction, and an unqualified win for privacy watchdog groups everywhere.

Interestingly, Apple also released its annual Transparency Report, which revealed a six percent drop in government requests, compared to last year’s figures. At the same time, though, the number of FISA requests Apple received soared from 2750-2900 related to 2000-2249 accounts to 13,250-13,499 related to 9000-9249 accounts.

Regardless of what happens to FISA in Congress later this year, the main takeaway is that governments around the world are making an increasing number of requests for personal data from our biggest tech companies, which is a disturbing trend that is sadly not unexpected.

Literally Every Yahoo Email User Was Hacked In 2013 Breach
http://www.biitsllc.com/2017/10/06/literally-every-yahoo-email-user-was-hacked-in-2013-breach/
Fri, 06 Oct 2017 15:00:00 +0000

Late last year, Yahoo announced that it was the victim of the largest data breach in history. It impacted, by their initial estimates, fully one third of their user base, some one billion users.

As it turns out, Yahoo’s estimates were wildly inaccurate. Literally every person who had a Yahoo account in 2013 was impacted, making the total in the neighborhood of three billion accounts (yes, that’s billion, with a “B”).

If you’re a Yahoo user, and have had your account since 2013 or before, then your account was impacted, regardless of whether you received a notification from the company.

You may be tempted to simply delete your account, especially if it’s one you no longer use on a regular basis, but don’t. Yahoo’s policy is to recycle defunct accounts after thirty days, meaning your account can be hijacked by anyone if you delete it.

The best bet is to change your password immediately and enable two-factor authentication to provide an added layer of protection.

Also, if you’re in the habit of using the same password across multiple websites, be sure to change any that share your Yahoo.com account’s password. One of the first things a hacker will try is to use compromised credentials on other accounts. If you don’t take immediate action, you’re essentially handing the hackers the keys to your digital kingdom and opening yourself up to identity theft, compromised bank accounts and credit cards and more.

In fact, this would be a great time to simply get out of the habit of using the same password across multiple web properties. It’s a bad habit, and if it’s one you’ve developed, then it’s time to make a change. True, it’s not as convenient, and having to remember multiple passwords can sometimes be annoying, but isn’t your digital security worth it?
