Online Marketplace Selling Hacked Server Credentials Taken Offline by Authorities

Online Marketplace Selling Hacked Server Credentials Taken Offline by Authorities

Information Security, News
Online Marketplace Selling Hacked Server Credentials Taken Offline by Authorities xDedic, an online marketplace for buying and selling hacked server credentials, is no longer accessible to users after authorities took it offline as part of the coordinated multi-country law enforcement action. Users who try to access the xDedic website are referred to a U.S. government site explaining that the online marketplace was taken offline. On January 24, this year, the U.S. Federal Bureau of Investigation (FBI) in pursuant to a seizure warrant issued by the U.S District Court for the Middle District of Florida seized the servers and domain names of xDedic. The seizure was made possible with the assistance of the authorities in Europe, including the Federal Prosecutor’s Office and the Investigating Judge of Belgium, the Ukrainian National Cyber…
Read More
What Is Data Exposure and How to Prevent It

What Is Data Exposure and How to Prevent It

Information Security, IT Support
What Is Data Exposure and How to Prevent It Just a few days into 2019, one of the largest data exposure so far this year has come to light: the data leak of millions of data from an unprotected database of a California-based Voice-over-IP (VoIP) service provider VOIPo. Cloudflare security researcher Justin Painerevealed that VOIPo's database had been accidentally left publicly accessible, unintentionally leaking huge volume of data, including 6.7 million VOIP call logs, 6 million SMS/MMS message logs, and other documents containing internal hostnames, usernames, passwords and API keys.  Paine said he discovered the exposed VOIPo's database using Shodan, a search engine, which unlike Google and other search engines that index only the web, indexes pretty much everything else that's plugged into the internet, including webcams and smart TVs. Using…
Read More
When Cyberattacks Force Organizations to Use Paper

When Cyberattacks Force Organizations to Use Paper

Information Security, Security
When Cyberattacks Force Organizations to Use Paper Computers revolutionized the way we do business, to the point that reliance on computers is almost total for many organizations. This almost total reliance on computers, however, makes many organizations vulnerable to cyberattacks, such as ransomware attacks. The recent ransomware attack on the City Hall of Del Rio, Texashighlights the downside of the digital age. The City Hall of Del Rio succumbed to a ransomware attack resulting in the “transactions at City Hall … being done manually with paper”, the City of Del Rio said in a statement. The City of Del Rio said that its City Hall was attacked by a ransomware last January 10, which prompted the city’s IT department in disabling the city’s servers, the shutting off of the internet…
Read More
How to Secure Your Organization in a Multi-Cloud Environment

How to Secure Your Organization in a Multi-Cloud Environment

Information Security
How to Secure Your Organization in a Multi-Cloud Environment Many organizations today are migrating not just into one cloud environment but into a multi-cloud environment. This multi-cloud migration presents a challenge to organizations especially in securing this new environment. What Is Multi-Cloud? In the good old days, the primary means of storing, managing and processing data was through on-premise local server or personal computer. Thanks in part to more developed internet infrastructure, over the past few years, there has been an unprecedented growth of the “cloud”, which refers to a network of servers that can be accessed via the internet to store, manage and process data. Amazon (via Amazon Web Services), Microsoft (via Microsoft Azure) and Google (via Google Cloud) are some of the major companies that offer cloud services.…
Read More
2018 Year in Review: Old Known Security Vulnerabilities Still Wreak Havoc

2018 Year in Review: Old Known Security Vulnerabilities Still Wreak Havoc

Information Security, IT Support
2018 Year in Review: Old Known Security Vulnerabilities Still Wreak Havoc In 2018, publicly known security vulnerabilities continued to be exploited by cyber criminals. One of these known security vulnerabilities is WannaCry, a malicious software (malware) thought to be “old news”, but still continues to hunt for its next victim. What Is WannaCry? WannaCry is known for infecting more than 300,000 computers in 150 countries in less than 24 hours on May 12, 2017. WannaCry attackers infiltrated these hundreds of thousands of computers by using EternalBlue – referring to both the software vulnerability in Microsoft's Windows operating system and the exploit believed to be developed by the U.S. National Security Agency (NSA). Just a few days before the May 16thWannaCry attack, that is, on April 14, 2017, the EternalBlue exploit…
Read More
15 Leading DDoS-for-Hire Sites Shut Down by Authorities

15 Leading DDoS-for-Hire Sites Shut Down by Authorities

Information Security
15 Leading DDoS-for-Hire Sites Shut Down by Authorities Just a few days before the busiest holiday season, the Federal Bureau of Investigation (FBI) shut down 15 websites that offered DDoS-for-hire services. Following the seizure warrants issued by the U.S. District Court for the Central District of California, the FBIshut down 15 sites offering DDoS-for-hire services. These 15 DDoS-for-hire sites, including downthem.org and quantumstress.net, represent some of the world’s leading DDoS-for-hire services, the FBI said in a statement. According to the FBI, the 15 DDoS-for-hire sites that were taken down were responsible for DDoS attacks directed at victims in the U.S. and abroad, including financial institutions, universities, internet service providers, government systems, and various gaming platforms. Between October 2014 and November 2018, the FBI said, Downthem’s database showed it had more…
Read More
Cyber Security Is a Growing Issue for Nonprofit Organizations

Cyber Security Is a Growing Issue for Nonprofit Organizations

Information Security, IT Support
Cyber Security Is a Growing Issue for Nonprofit Organizations  Save the Children, an international nonprofit children's relief and development organization, revealed that a cyber attacker or attackers tricked the organization into paying out almost $1 million. The cyber incident on Save the Children shows that cyber security isn’t only the concern of profit organizations, but also by not-for-profit organizations. While the Save the Children’s cyber incident disclosure was done via the organization’s 2017 tax report, this cyber incident only came to light with the recent report of the Boston Globe. In its tax report, Save the Children said that in April 2017, an unknown cyber attacker or attackers posing as an employee of Save the Children tricked the organization to transfer $997,400 to a fraudulent entity in Japan on the…
Read More
Marriott Reveals 4-Year Long Data Breach Affecting 500 Million Guests

Marriott Reveals 4-Year Long Data Breach Affecting 500 Million Guests

Information Security
Marriott Reveals 4-Year Long Data Breach Affecting 500 Million Guests Marriott International, Inc., the world's largest hotel chain, disclosed a massive data breach that lasted for 4 years, exposing personal and financial information of its 500 million guests, specifically guests who made a reservation at Marriott’s Starwood properties. Marriott has more than 6,700 properties in 129 countries and territories, including Canada. Thirty leading hotel brands are under the Marriott umbrella. Marriott has since become the world's largest hotel chain after acquiring Starwood Hotels & Resorts Worldwide in September 2016. Starwood hotels include Sheraton, W Hotels, Westin, Aloft and St. Regis. In a statement, Marriottsaid that the network that contained guest information relating to reservations at Starwood properties was illegally accessed from 2014 up to September 10, 2018. Marriott said that…
Read More
Microsoft Details Causes & Prevention of Recent Office 365 Multi-Factor Failure

Microsoft Details Causes & Prevention of Recent Office 365 Multi-Factor Failure

Information Security
Microsoft Details Causes & Prevention of Recent Office 365 Multi-Factor Failure Multi-factor authentication is meant to lock out cyber attackers. What happened instead last November 19 was that legitimate users of Microsoft Office 365 were locked out for hours from their accounts. For 14 hours, between 4:39 UTC and 18:38 UTC last November 19, users of Microsoft Azure AD Multi-Factor Authentication (MFA) services were locked out from their accounts. These include users of Office 365, Azure, Dynamics and other services which use Azure Active Directory for authentication. The outage affected users in Europe, Asia and the Americas regions, including the U.S. Government and the U.K. Parliament. According to Microsoft, the following 4 reasons contributed to the Azure AD Multi-Factor Authentication (MFA) service outage: The first cause of the outage identified…
Read More
Top 5 Malware to Watch Out This Holiday Shopping Season

Top 5 Malware to Watch Out This Holiday Shopping Season

Information Security
Top 5 Malware to Watch Out This Holiday Shopping Season Online shoppers and e-commerce site owners alike need to watch out for trojan malicious software (malware) programs that are out in force this year-end’s busy holiday shopping season. Kaspersky Labdocumented 14 trojan malware programs that are out in force this holiday shopping season that target e-commerce brands to steal from victims. Trojan is a malware type that’s often disguised as a legitimate software. The most popular trojans are the banking trojans, which traditionally target users of banking and financial institutions’ online services, stealing financial data. Over time, these banking trojans target online shoppers of e-commerce sites. According to Kaspersky Lab, banking trojan detections in e-commerce-related activity has increased steadily over the last few years. In 2015, trojan detections in e-commerce-related…
Read More