LocalCause

Information Technology Services


FCC’s Broken Comments System Could Help Doom Net Neutrality

The industry group Broadband for America, which opposes the FCC’s current rules, recently commissioned an analysis of the comments from a company called Emprata. The study determined that a majority of the comments–about 60 percent–favor keeping the FCC’s current rules, which classify internet service providers as “Title II” common carriers like mobile and landline phone companies and ban them from blocking or interfering with lawful content. If you look only at unique comments, as opposed to form letters using boilerplate text, those in favor of keeping the Title II rules outweigh those who want to jettison the rules 1.52 million to 23,000.

The only hitch: the commenting process was such a debacle that the legitimacy of the entire body of comments is now in question.

FCC’s Broken Comments System Could Help Doom Net Neutrality

This past April, the Federal Communications Commission invited the American people to weigh in on whether the federal government should roll back the rules currently in place to protect net neutrality. By the time the online comment submission period ended last Wednesday, the agency had collected 21.9 million comments, an astounding level of participation on what at first glance appears to be a rather esoteric telecommunications policy issue.

Huge Increase in Brute Force Attacks Against WordPress

Last week, WordPress security firm WordFence revealed it detected over 1.65 million brute-force attacks originating from an ISP in Ukraine that generated more malicious traffic than GoDaddy, OVH, and Rostelecom, put together. A week later, after news of WordFence’s findings came to light, Ukrainian users have tracked down the ISP to a company called SKS-Lugan in the city of Alchevs’k, in an area controlled by pro-Russian forces in eastern Ukraine. All clues point to the fact that the ISP’s owners are using the chaos created by the Ukrainian civil war to host cyber-crime operations on their servers. Some of the criminal activities the ISP hosts, besides servers for launching brute-force attacks, include command-and-control servers for the Locky ransomware, [email, comment, and forum] spam botnets, illegal streaming sites, DDoS stressers, carding sites, several banking trojans (Vawtrack, Tinba), and infostealers (Pony, Neurevt).

More details have surfaced regarding a recent wave of brute-force attacks (dictionary attacks to be more accurate) that have targeted WordPress sites over the past few weeks.

Huge Increase in Brute Force Attacks in December and What to Do – Wordfence

Update: We posted a follow-up to this post on Monday December 19th which goes into more detail about the Ukraine IP block where these attacks originate from and we discuss possible Russia involvement. At Wordfence we constantly monitor the WordPress attack landscape in real-time.

TA16-336A: Avalanche Crimeware Alert

TA16-336A: Avalanche (crimeware-as-a-service infrastructure)

Systems Affected

Microsoft Windows

Overview

“Avalanche” refers to a large global network hosting infrastructure used by cyber criminals to conduct phishing and malware distribution campaigns and money mule schemes. The United States Department of Homeland Security (DHS), in collaboration with the Federal Bureau of Investigation (FBI), is releasing this Technical Alert to provide further information about Avalanche.

Description

Cyber criminals utilized Avalanche botnet infrastructure to host and distribute a variety of malware variants to victims, including the targeting of over 40 major financial institutions. Victims may have had their sensitive personal information stolen (e.g., user account credentials). Victims’ compromised systems may also have been used to conduct other malicious activity, such as launching denial-of-service (DoS) attacks or distributing malware variants to other victims’ computers.

In addition, Avalanche infrastructure was used to run money mule schemes where criminals recruited people to commit fraud involving transporting and laundering stolen money or merchandise.

Impact

A system infected with Avalanche-associated malware may be subject to malicious activity including the theft of user credentials and other sensitive data, such as banking and credit card information. Some of the malware had the capability to encrypt user files and demand a ransom be paid by the victim to regain access to those files. In addition, the malware may have allowed criminals unauthorized remote access to the infected computer. Infected systems could have been used to conduct distributed denial-of-service (DDoS) attacks.

Solution

Users are advised to take the following actions to remediate malware infections associated with Avalanche:

  • Use and maintain anti-virus software – Anti-virus software recognizes and protects your computer against most known viruses. Even though parts of Avalanche are designed to evade detection, security companies are continuously updating their software to counter these advanced threats. Therefore, it is important to keep your anti-virus software up-to-date. If you suspect you may be a victim of an Avalanche malware, update your anti-virus software definitions and run a full-system scan. (See Understanding Anti-Virus Software for more information.)
  • Avoid clicking links in email – Attackers have become very skilled at making phishing emails look legitimate. Users should ensure the link is legitimate by typing the link into a new browser (see Avoiding Social Engineering and Phishing Attacks for more information).
  • Change your passwords – Your original passwords may have been compromised during the infection, so you should change them. (See Choosing and Protecting Passwords for more information.)
  • Keep your operating system and application software up-to-date – Install software patches so that attackers cannot take advantage of known problems or vulnerabilities. You should enable automatic updates of the operating system if this option is available. (See Understanding Patches for more information.)
  • Use anti-malware tools – Using a legitimate program that identifies and removes malware can help eliminate an infection. Users can consider employing a remediation tool. A non-exhaustive list of examples is provided below. The U.S. Government does not endorse or support any particular product or vendor.

      • ESET Online Scanner: https://www.eset.com/us/online-scanner/
      • F-Secure: https://www.f-secure.com/en/web/home_global/online-scanner
      • McAfee Stinger: http://www.mcafee.com/us/downloads/free-tools/index.aspx
      • Microsoft Safety Scanner: https://www.microsoft.com/security/scanner/en-us/default.aspx
      • Norton Power Eraser: https://norton.com/npe

Revisions

  • December 1, 2016: Initial release

 

Avalanche (crimeware-as-a-service infrastructure) | US-CERT

Warning: Google Enables Personally Identifiable Web Tracking

Google Using Personally-Identifiable Information to Track Your Every Move?

The practical result of the change is that the DoubleClick ads that follow people around on the web may now be customized to them based on the keywords they used in their Gmail. It also means that Google could now, if it wished to, build a complete portrait of a user by name, based on everything they write in email, every website they visit and the searches they conduct.

The move is a sea change for Google and a further blow to the online ad industry’s longstanding contention that web tracking is mostly anonymous. In recent years, Facebook, offline data brokers and others have increasingly sought to combine their troves of web tracking data with people’s real names. But until this summer, Google held the line.

To opt-out of Google’s identified tracking, visit the Activity controls on Google’s My Account page, and uncheck the box next to “Include Chrome browsing history and activity from websites and apps that use Google services.” You can also delete past activity from your account.

“The fact that DoubleClick data wasn’t being regularly connected to personally identifiable information was a really significant last stand,” said Paul Ohm, faculty director of the Center on Privacy and Technology at Georgetown Law.

“It was a border wall between being watched everywhere and maintaining a tiny semblance of privacy,” he said. “That wall has just fallen.”

https://www.propublica.org/article/google-has-quietly-dropped-ban-on-personally-identifiable-web-tracking

AT&T Labs’ Project AirGig Nears First Field Trials for Ultra-Fast Wireless Broadband Over Power Lines

Source: Yahoo! Finance

AT&T says it has developed a new technology it calls AirGig, which links up to standard power lines and uses a special transmitter to deliver super-fast gigabit internet wirelessly.

The project is only in its early test phases for now, and AT&T hasn’t announced where and when it’ll deploy it publicly. But based on the company’s blog post announcing AirGig, it sounds like AT&T will likely target rural areas at first.

Gigabit internet is several times faster than the standard broadband most people get in their home. The AirGig project attaches antennas to existing power lines and uses a millimeter wave frequency to broadcast gigabit internet to devices.

AT&T wouldn’t describe exactly how the technology works, but would only say it’s not tapping into the power of the power line.

AT&T says AirGig is several times cheaper than standard wireless internet because it’s cheaper for the company to deploy and deliver. It can also be used over open wireless spectrum.

AT&T isn’t the only company exploring wireless gigabit internet. Google, Facebook, and the startup Starry are all experimenting with ways to bathe the world in super-fast wireless internet access.

AT&T Labs’ Project AirGig Nears First Field Trials for Ultra-Fast Wireless Broadband Over Power Lines

AT&T* unveiled today Project AirGig, a transformative technology from AT&T Labs that could one day deliver low-cost, multi-gigabit wireless internet speeds using power lines. We’re deep in the experimentation phase. This technology will be easier to deploy than fiber, can run over license-free spectrum and can deliver ultra-fast wireless connectivity to any home or handheld wireless device.

12 Not-So-Great Realities About Nonprofits and Social Media

Nonprofits have spent years promoting Facebook and get rewarded with a 3% organic reach.

Is Social Media still worth the effort?

Millions of nonprofits worldwide have been asking supporters and donors to “Follow Us on Facebook!” or “Like Our Facebook Page!” for nearly a decade. We’ve emailed, we’ve tweeted, we’ve given shout outs at events, and prominently placed calls-to-follow in our print materials. Our sector has provided billions of dollars of free advertising for Facebook. Our reward? An approximate 3% organic reach (and still no Google Adwords-like advertising program for nonprofits). Facebook’s organic reach is equivalent to sending 100 donors a fundraising email and having 97 of them classified as spam and consequently blocked. That’s a wasted use of time and resources and that’s how many nonprofits are feeling these days about Facebook. Yes, Facebook’s new donation tools could be awesome, but only if we promote the donation tools to our supporters and donors, which many nonprofits are unwilling to do at this point. With reason, nonprofits are skeptical of Facebook’s motives and long-term objectives.

It is important to step back occasionally and take a critical look at how social media is impacting nonprofit technology at your organization as well as your digital staff. Beyond the power and promise, nonprofit technology needs to produce results that can be quantified and that’s becoming harder to do in respect to social media.

12 Not-So-Great Realities About Nonprofits and Social Media

For more than a decade the blogosphere has touted the power and promise of social media (this blog included), but there is also a downside to using social media for your nonprofit.

Someone Is Learning How to Take Down the Internet

First, a little background. If you want to take a network off the Internet, the easiest way to do it is with a distributed denial-of-service attack (DDoS). Like the name says, this is an attack designed to prevent legitimate users from getting to the site. There are subtleties, but basically it means blasting so much data at the site that it’s overwhelmed. These attacks are not new: hackers do this to sites they don’t like, and criminals have done it as a method of extortion. There is an entire industry, with an arsenal of technologies, devoted to DDoS defense. But largely it’s a matter of bandwidth. If the attacker has a bigger fire hose of data than the defender has, the attacker wins.

Recently, some of the major companies that provide the basic infrastructure that makes the Internet work have seen an increase in DDoS attacks against them. Moreover, they have seen a certain profile of attacks. These attacks are significantly larger than the ones they’re used to seeing. They last longer. They’re more sophisticated. And they look like probing. One week, the attack would start at a particular level of attack and slowly ramp up before stopping. The next week, it would start at that higher point and continue. And so on, along those lines, as if the attacker were looking for the exact point of failure.

The attacks are also configured in such a way as to see what the company’s total defenses are. There are many different ways to launch a DDoS attack. The more attack vectors you employ simultaneously, the more different defenses the defender has to counter with. These companies are seeing more attacks using three or four different vectors. This means that the companies have to use everything they’ve got to defend themselves. They can’t hold anything back. They’re forced to demonstrate their defense capabilities for the attacker.

Someone Is Learning How to Take Down the Internet

Over the past year or two, someone has been probing the defenses of the companies that run critical pieces of the Internet. These probes take the form of precisely calibrated attacks designed to determine exactly how well these companies can defend themselves, and what would be required to take them down.

Microsoft keeps making news on the privacy front, and not in a good way.

The company keeps defending data-gathering features that some people don’t want instead of just making them optional.

Microsoft has been called to task for the practice by privacy advocate the Electronic Frontier Foundation. A blog post by EFF staffer Amul Kalia criticizes the company not just for collecting information for Cortana, but also for collecting telemetry data. Kalia writes: “A significant issue is the telemetry data the company receives. While Microsoft insists that it aggregates and anonymizes this data, it hasn’t explained just how it does so. Microsoft also won’t say how long this data is retained, instead providing only general timeframes. Worse yet, unless you’re an enterprise user, no matter what, you have to share at least some of this telemetry data with Microsoft and there’s no way to opt-out of it.”

Microsoft’s tin ear for privacy

Microsoft keeps making news on the privacy front, and not in a good way. Much has been made of the way Cortana in Windows 10 may invade your privacy by collecting data such as the words you speak and the keys you strike.

USB Kill 2.0

The lesson here is simple enough. If a device has an exposed USB port — such as a copy machine or even an airline entertainment system — it can be used and abused, not just by a hacker or malicious actor, but also through electrical attacks.

“Any public facing USB port should be considered an attack vector,” says the company. “In data security, these ports are often locked down to prevent exfiltration of data, or infiltration of malware, but are very often unprotected against electrical attack.”

Good news! Now you can buy a laptop-destroying USB stick

For just a few bucks, you can pick up a USB stick that destroys almost anything that it’s plugged into. Laptops, PCs, televisions, photo booths — you name it. Once a proof-of-concept, the pocket-sized USB stick now fits in any security tester’s repertoire of tools and hacks, says the Hong Kong-based company that developed it.

Symantec’s Vulnerabilities Are as Bad as it Gets

Symantec. As Bad As It Gets.

This week, Google security researcher Tavis Ormandy announced that he’d found numerous critical vulnerabilities in Symantec’s entire suite of anti-virus products. That’s 17 Symantec enterprise products in all, and eight Norton consumer and small-business products. The worst thing about Symantec’s woes? They’re just the latest in a long string of serious vulnerabilities uncovered in security software.

Some of these products cannot be automatically updated, and administrators must take immediate action to protect their networks. Symantec has published advisories for customers, available here.

Some of Symantec’s flaws are basic, and should have been caught by the company during code development and review. But others are far more serious, and would allow an attacker to gain remote-code execution on a machine, a hacker’s dream. One particularly devastating flaw could be exploited with a worm. Just by “emailing a file to a victim or sending them a link to an exploit … the victim does not need to open the file or interact with it in anyway,” Ormandy wrote in a blog post Tuesday, further noting that such an attack could “easily compromise an entire enterprise fleet.”

It gets worse. The flaw exists in an unpacker Symantec uses to examine compressed executable files it thinks might be malicious. So the vulnerability would let attackers subvert the unpacker to take control of a victim’s machine. Essentially, a core component Symantec uses to detect malware could be used by intruders to aid their assault.

“These vulnerabilities are as bad as it gets,” Ormandy wrote. He would know.

Read the rest at WIRED


© 2017 LocalCause
