Back to Top

Tech, Web, Cloud & Cabling Services

Category: Virus / Adware / Spyware Removal

Security / Virus/Adware/Spyware Removal Category

Uninstall now! Apple abandons QuickTime for Windows despite lingering critical flaws

Apple is giving up on QuickTime for Windows.

Yet another program is joining Java 6 and Windows XP as big-name software you do not want running on your PC. Security firmTrend Micro and the U.S. Department of Homeland Security are advising all Windows users to uninstall Apple’s QuickTime as soon as possible. (The advisory does not affect Mac users.)

The reason for getting rid of QuickTime for Windows is twofold. First, Apple told Trend Micro it is deprecating the software and will no longer deliver security updates for it. Second, there are two known critical vulnerabilities that could allow an attacker to take control of a system running QuickTime.

That’s a hellacious combo.

Apple was unavailable for comment at this writing, but a quick look at QuickTime’s download page shows the software is still publicly available. It hasn’t been updated since at least January, however.

Trend Micro says it does not yet know of any instances where the two potential security threats are being used in the wild but that could change. Trend Micro’s Zero Day Initiative recently published some technical details about the vulnerabilities. ZDI did this because its disclosure policy requires it to publish threat information when a “vendor indicates that the product is deprecated,” and thus won’t be patched.

If you’re a longtime user of iTunes you may be running QuickTime. To dump the program, open the Control Panel on your PC and then from the “category” view go to Programs > Uninstall a program. Once the list of installed programs populates, scroll down until you find QuickTime. Select it with your mouse, and then click Uninstall towards the top of the window. A pop-up window will then appear asking to confirm that you want to uninstall the program. Click Yes and you’ll be QuickTime-free in no time.

A survey published by Secunia Research in late 2015 found that Apple software is among the programs that are updated the least often by Windows users.

Why this matters: Whenever software is about to be abandoned it’s always a good idea to move away from it—or at least start planning to. That goes double for software with known flaws that allow the bad guys to execute code on your machine. QuickTime used to be an important piece of software for Windows users. But these days you don’t need it to watch movie trailers on Apple’s site and it’s no longer used by iTunes to play media on Windows. There’s little reason for the vast majority of Windows users to keep QuickTime on their PCs.

Have questions?

Get answers from Microsofts Cloud Solutions Partner!
Call us at: 856-745-9990 or visit: https://southjerseytechies.net/

South Jersey Techies, LL C is a full Managed Web and Technology Services Company providing IT Services, Website Design ServicesServer SupportNetwork ConsultingInternet PhonesCloud Solutions Provider and much more. Contact for More Information.

To read this article in its entirety click here.

Hacker collects 272m email addresses and passwords, some from Gmail

Security firm announces it has persuaded fraudster to give up database of email addresses along with passwords users use to log in to websites

hacking gmail

The internet on Wednesday gave you another reminder that everyone has been hacked.

Hold Security, a Wisconsin-based security firm famous for obtaining hoards of stolen data from the hacking underworld, announced that it had persuaded a fraudster to give them a database of 272m unique email addresses along with the passwords consumers use to log in to websites. The escapade was detailed in a Reuters article.

It might sound bad, but it is also easily mitigated.

The passwords and email addresses, which include some from Gmail, Yahoo and Russia’s mail.ru service, aren’t necessarily the keys to millions of email accounts. Rather, they had been taken from various smaller, less secure websites where people use their email addresses along with a password to log in.

People who use a different password for both their email account and, say, Target.com, won’t be affected. But those who tend to use the same password for multiple sites as well as their email should change their email password.

“Some people use one key for everything in their house,” Hold Security founder Alex Holden says. “Some people have a huge set of keys that they use for each door individually.”

Holden said there is no way for consumers to check if their emails were included in his firm’s latest find. In 2014, when his firm tried to set up such a service after obtaining a billion hacked login credentials, his site crashed.

The hacker appears to have been largely targeting Russian users. Some 57m of the email addresses were for the country’s largest email provider mail.ru, which claims 100 million monthly users. Around 40m of the addresses were Yahoo Mail, 33m Hotmail and 24m for Google’s Gmail service.

In this case, the hacker had been bragging on internet chat forums that he had a treasure trove of login credentials that he was trying to sell. Holden, who is fluent in Russian, said he wouldn’t pay for the data but would give him “likes” on various social media posts in exchange.

The hacker, who apparently is quite young, agreed. “We kind of call him the collector,” Holden says in a heavy Russian accent. “Eventually, almost everyone gets breached.”

Have questions?

Get answers from Microsofts Cloud Solutions Partner!
Call us at: 856-745-9990 or visit: https://southjerseytechies.net/

South Jersey Techies, LL C is a full Managed Web and Technology Services Company providing IT Services, Website Design ServicesServer SupportNetwork ConsultingInternet PhonesCloud Solutions Provider and much more. Contact for More Information.

To read this article in its entirety click here.

Ransomware-as-a-service is exploding: Be ready to pay

RaaS has outgrown smaller targets and now threatens governments, NGOs, and SMBs.

ransomware

It starts with a fast click on a link in a harmless-looking email. Then your PC slows to a crawl. A message suddenly pops up and takes over your screen. “Your files and hard drive have been locked by strong encryption. Pay us a fee in 12 hours, or we will delete everything.” Then a bright red clock begins counting down. No antivirus will save your machine. Pay the fee or lose everything.

You’re the latest victim of a ransomware attack. The scary thing is, you’re not alone. The ransomware market ballooned quickly, from a $400,000 US annual haul in 2012, to nearly $18 million in 2015. The average ransom—the sweet spot of affordability for individuals and SMBs—is about $300 dollars, often paid in cash vouchers or Bitcoin.

The ransomware market scaled up so quickly, claims a recent report by Imperva, due to the rise of ransomware-as-a-service, or RaaS. Here’s how it works:

  • Ransomware authors are marketing on-demand versions of code, using traditional malware distributors in a classic affiliate model.
  • The ransomware author collects the ransom and shares it with the distributor.
  • Malware is distributed through spam email messages, malicious advertisements, and BlackHat SEO sites.
  • According to the Imperva report, “in classical affiliate marketing, the larger cut goes to the possessor of the product. In RaaS … the ransomware author gets a small cut of the funds (5%-25%) while the rest goes to the distributor (affiliate).”
  • Using the deep web, TOR, and Bitcoin, the report says, “this model, based on TOR and Bitcoins, is designed to keep the identity of the author and the distributor hidden from law enforcement agencies.”

Phishing in particular, is a highly effective tactic for malware distribution.

The well-worded email appears to come from a legitimate email address and domain name, and raises very few irregularities. The email comes with a demand for money for an arbitrary service, along with a link that purports to be an “overdue invoice.”

Click that link and open the file (which looks like a Word document), and you’ll become the latest victim of ransomware — that is, malware that encrypts your files and locks you out of your computer until you pay a ransom.

Phishing attacks have also helped ransomware move into the enterprise. In 2015 the medical records system at Hollywood Presbyterian Medical Center was attacked. The hospital paid $17,000 in Bitcoin to unlock the sensitive records. In early 2016 the Lincolnshire County Council was snagged by a phishing scheme and held up for 500 dollars.

To prevent your business from attack, make sure the IT department and communication team are in sync, keep your company’s security systems updated, and remind employees to use caution when clicking on email links from unknown addresses.

If you’ve been hacked, the ransomware rescue kit provides a suite of tools designed to help clean particularly pugnacious malware.

Businesses that suffer ransomware attacks face a tough choice. Paying the fee could restore access to mission-critical data, but there’s no guarantee the extortionists will honor the deal. And of course, paying a ransom provides incentive to hackers and validates the attack.

Have questions?

Get answers from Microsofts Cloud Solutions Partner!
Call us at: 856-745-9990 or visit: https://southjerseytechies.net/

South Jersey Techies, LL C is a full Managed Web and Technology Services Company providing IT Services, Website Design ServicesServer SupportNetwork ConsultingInternet PhonesCloud Solutions Provider and much more. Contact for More Information.

To read this article in its entirety click here.

10 of the latest security products that can help you fight the bad guys

1. IBM z13s mainframeIBM z13s mainframe

Image: IBM

Security standards are constantly changing. Here are some of the latest software and hardware products to help keep your organization secure.

In February 2016, IBM announced the IBM z13s, a mainframe with cryptographic features built directly into the hardware. According to IBM it can decrypt at twice the speed of the generations before it.

2. Cisco Firepower NGFW

Cisco Firepower NGFW

Image: Cisco

Cisco recently announced its Firepower series appliances with its next-generation firewall (NGFW) technology. There are 16 models in the series that include integrated NGIPS and advanced malware protection.

3. Illumio

Illumio

Image: Illumio

Illumio is a startup that provides adaptive security for the data center and cloud environments. The company recently achieved unicorn status as its value topped $1 billion, and it is consistently named a top enterprise security provider.

4. GOTPass

GOTPass

Image: University of Plymouth, H. Alsaiari, M. Papadaki, P. Dowland, and S. Furnell

GOTPass is a graphical authentication system developed by researchers at the University of Plymouth. It uses images to authenticate instead of traditional passwords.

5. Skyport Systems SkySecure

Skyport Systems SkySecure

Image: Skyport Systems

SkySecure is an out-of-the-box enterprise security solution to protect application workloads. The systems includes hardware, software, and management tools.

6. Spikes Security Isla

Spikes Security Isla

Image: Spikes Security

The Isla is an enterprise appliance that “isolates and eliminates all browser-borne malware.” It was launched in mid-2015, but it was independently certified as invulnerable to web malware exploits in early 2016.

7. Blackphone 2

Blackphone 2

Image: Zack Whittaker/CNET

The Blackphone by Silent Circle is an Android-powered smartphone with a built-in security center to lock down your data. The most recent iteration, the Blackphone 2, released late last year.

8. Imation IronKey Enterprise H350

Imation IronKey Enterprise H350

Image: Imation

The IronKey Enterprise H350 is a rugged, military-grade encrypted hard drive. It is available in multiple capacities and is FIPS 140-2 Level 3 certified.

9. Bitdefender Total Security 2016

Bitdefender Total Security 2016

Image: Bitdefender

For home users and small businesses, the Total Security 2016 by Bitdefender is a great option. It stacks up well against key competitors and includes device anti-theft features.

10. Qubes OS 3.1 rc2

Qubes OS 3.1 rc2

Image: Qubes

Qubes OS is a Linux-based, security-oriented OS that is focused on compartmentalization using VMs. It’s been around for a few years, but the latest version released in January 2016.

Have questions?

Get answers from Microsofts Cloud Solutions Partner!
Call us at: 856-745-9990 or visit: https://southjerseytechies.net/

South Jersey Techies, LL C is a full Managed Web and Technology Services Company providing IT Services, Website Design ServicesServer SupportNetwork ConsultingInternet PhonesCloud Solutions Provider and much more. Contact for More Information.

To read this article in its entirety click here.

Beware downloading some apps or risk “being spied on”

Popular apps on your smartphone can be convenient and fun, but some also carry malicious software known as malware, which gives hackers easy access to your personal information.

A security firm found that between 75 and 80 percent of the top free apps onAndroid phones or iPhones were breached. The number jumps as high as 97 percent among the top paid apps on those devices.

Whether these apps help advertisers target you or help hackers rip you off, you’ll want to do your homework before downloading apps, reports CBS News correspondent Anna Werner.

California’s Susan Harvey said she was a victim after she used a debit card to download a slot machine game app to her cell phone through a Google Play store account.

“It was something you purchased once, for like $15,” Harvey said.

When she went to reload the game, she found hundreds of purchases had been made — by her math, more than $5,000 worth of transactions.

“My heart sank, I just sat there looking at it… I physically, I was sick, because I didn’t know what they were,” Harvey said.

That story’s no surprise to cybersecurity expert Gary Miliefsky, whose company SnoopWall tracks malware. He said certain apps are designed to steal your personal information.

“What are the consequences for me as a consumer?” Werner asked.

“You’re gonna lose your identity. You’re gonna wonder why there was a transaction. You’re gonna wonder how someone got into your bank account and paid a bill that doesn’t exist,” Miliefsky said.

Milifesky said when you download an app, you also give permission for it to access other parts of your phone, like an alarm clock app that can also track phone calls.

“You think an alarm clock needs all those permissions? Access to the Internet over wifi, your call information, calls you’ve made, call history, your device ID? This to me is not a safe alarm clock,” Miliefsky said.

And there’s the weather and flashlight apps that he says exploit legitimate banking apps to capture information, as he showed us in a demonstration of what could happen when someone takes a photo of a check to send to their bank.

“The flashlight app spies on the camera and noticed the check and grabbed a copy of it. Shipped it off to a server somewhere far away,” Miliefsky said.

Last year the group FireEye discovered 11 malware apps being used on iPhones that gathered users’ sensitive information and send it to a remote server, including text messages, Skype calls, contacts and photos Apple fought back by removing the apps and putting stricter security measures in place.

“They get at your GPS, your contacts list…to build a profile on you,” Miliefsky said.

Some apps are simply collecting information for advertising purposes. In 2014, the Federal Trade Commission settled a lawsuit with a company over its popular Brightest Flashlight app, alleging it transmitted consumers’ personal information to third parties without telling them.

But Miliefsky said he’s found another flashlight app that can do much more troubling things.

“This one turns on your microphone in the background, listens in on you, and sends an encrypted tunnel to a server we discovered in Beijing,” Miliefsky described.

“You’re saying that they’re actually listening to people’s conversations and sending that audio back to Beijing?” Werner asked.

“Yeah, we’ve tracked it. I can show you where it does it,” he said.

Miliefsky said it can be traced to a few blocks from Tiananmen Square on Information Drive in Beijing.

He gave a report on that app to the FBI.

“Because to me, it’s spyware at the nth degree,” Miliefsky said.

His recommendation?

“We really have to look at our phone and say, ‘This is really a personal computer that fits in our pocket. Let’s shut down all the apps we don’t use. Let’s delete apps that don’t make sense and reduce the risk of being spied on,'” Miliefsky said.

The creator of the Brightest Flashlight app settled with the FTC, agreeing to change its policy and delete all the information it had gathered.

Harvey sued Google over her alleged hack, but a judge recently dismissed it, saying she and her attorney filed too late. Google said fewer than one percent of Android devices got bad apps in 2014.

Have questions?

Get answers from Microsofts Cloud Solutions Partner!
Call us at: 856-745-9990 or visit: https://southjerseytechies.net/

South Jersey Techies, LL C is a full Managed Web and Technology Services Company providing IT Services, Website Design ServicesServer SupportNetwork ConsultingInternet PhonesCloud Solutions Provider and much more. Contact for More Information.

To read this article in its entirety click here.

Apple CEO Tim Cook: FBI asked us to build a back door into iOS

The most important Tech Case in a Decade

Customer Letter – Apple

February 16, 2016

A Message to Our Customers

The United States government has demanded that Apple take an unprecedented step which threatens the security of our customers. We oppose this order, which has implications far beyond the legal case at hand.

This moment calls for public discussion, and we want our customers and people around the country to understand what is at stake.

Answers to your questions about privacy and security

The Need for Encryption

Smartphones, led by iPhone, have become an essential part of our lives. People use them to store an incredible amount of personal information, from our private conversations to our photos, our music, our notes, our calendars and contacts, our financial information and health data, even where we have been and where we are going.

All that information needs to be protected from hackers and criminals who want to access it, steal it, and use it without our knowledge or permission. Customers expect Apple and other technology companies to do everything in our power to protect their personal information, and at Apple we are deeply committed to safeguarding their data.

Compromising the security of our personal information can ultimately put our personal safety at risk. That is why encryption has become so important to all of us.

For many years, we have used encryption to protect our customers’ personal data because we believe it’s the only way to keep their information safe. We have even put that data out of our own reach, because we believe the contents of your iPhone are none of our business.

The San Bernardino Case

We were shocked and outraged by the deadly act of terrorism in San Bernardino last December. We mourn the loss of life and want justice for all those whose lives were affected. The FBI asked us for help in the days following the attack, and we have worked hard to support the government’s efforts to solve this horrible crime. We have no sympathy for terrorists.

When the FBI has requested data that’s in our possession, we have provided it. Apple complies with valid subpoenas and search warrants, as we have in the San Bernardino case. We have also made Apple engineers available to advise the FBI, and we’ve offered our best ideas on a number of investigative options at their disposal.

We have great respect for the professionals at the FBI, and we believe their intentions are good. Up to this point, we have done everything that is both within our power and within the law to help them. But now the U.S. government has asked us for something we simply do not have, and something we consider too dangerous to create. They have asked us to build a backdoor to the iPhone.

Specifically, the FBI wants us to make a new version of the iPhone operating system, circumventing several important security features, and install it on an iPhone recovered during the investigation. In the wrong hands, this software — which does not exist today — would have the potential to unlock any iPhone in someone’s physical possession.

The FBI may use different words to describe this tool, but make no mistake: Building a version of iOS that bypasses security in this way would undeniably create a backdoor. And while the government may argue that its use would be limited to this case, there is no way to guarantee such control.

The Threat to Data Security

Some would argue that building a backdoor for just one iPhone is a simple, clean-cut solution. But it ignores both the basics of digital security and the significance of what the government is demanding in this case.

In today’s digital world, the “key” to an encrypted system is a piece of information that unlocks the data, and it is only as secure as the protections around it. Once the information is known, or a way to bypass the code is revealed, the encryption can be defeated by anyone with that knowledge.

The government suggests this tool could only be used once, on one phone. But that’s simply not true. Once created, the technique could be used over and over again, on any number of devices. In the physical world, it would be the equivalent of a master key, capable of opening hundreds of millions of locks — from restaurants and banks to stores and homes. No reasonable person would find that acceptable.

The government is asking Apple to hack our own users and undermine decades of security advancements that protect our customers — including tens of millions of American citizens — from sophisticated hackers and cybercriminals. The same engineers who built strong encryption into the iPhone to protect our users would, ironically, be ordered to weaken those protections and make our users less safe.

We can find no precedent for an American company being forced to expose its customers to a greater risk of attack. For years, cryptologists and national security experts have been warning against weakening encryption. Doing so would hurt only the well-meaning and law-abiding citizens who rely on companies like Apple to protect their data. Criminals and bad actors will still encrypt, using tools that are readily available to them.

A Dangerous Precedent

Rather than asking for legislative action through Congress, the FBI is proposing an unprecedented use of the All Writs Act of 1789 to justify an expansion of its authority.

The government would have us remove security features and add new capabilities to the operating system, allowing a passcode to be input electronically. This would make it easier to unlock an iPhone by “brute force,” trying thousands or millions of combinations with the speed of a modern computer.

The implications of the government’s demands are chilling. If the government can use the All Writs Act to make it easier to unlock your iPhone, it would have the power to reach into anyone’s device to capture their data. The government could extend this breach of privacy and demand that Apple build surveillance software to intercept your messages, access your health records or financial data, track your location, or even access your phone’s microphone or camera without your knowledge.

Opposing this order is not something we take lightly. We feel we must speak up in the face of what we see as an overreach by the U.S. government.

We are challenging the FBI’s demands with the deepest respect for American democracy and a love of our country. We believe it would be in the best interest of everyone to step back and consider the implications.

While we believe the FBI’s intentions are good, it would be wrong for the government to force us to build a backdoor into our products. And ultimately, we fear that this demand would undermine the very freedoms and liberty our government is meant to protect.

Tim Cook

Answers to your questions about privacy and security

Have questions?

Get answers from Microsofts Cloud Solutions Partner!
Call us at: 856-745-9990 or visit: https://southjerseytechies.net/

South Jersey Techies, LL C is a full Managed Web and Technology Services Company providing IT Services, Website Design ServicesServer SupportNetwork ConsultingInternet PhonesCloud Solutions Provider and much more. Contact for More Information.

To read this article in its entirety click here.

Safari on iOS and Mac crashing, bug related to Safari Suggestions, here’s how to fix

A strange bug is affecting many Safari users today, causing crashes on iPhone, iPad and Mac. For many users, simply tapping in the URL bar will cause the browser app to crash completely.  The exact issue causing the crashing has not been locked down, but it appears to be related to Apple’s Safari Suggestions service. It’s a very annoying bug that is affecting a lot of people all of sudden today.

sjt-blog-safari-crash-ios

When you type a URL, Apple sends what you type to its servers, returning a response with autocomplete search queries, Top Sites and other info. There appears to be a bug in this server request that is causing Safari to randomly crash. Users are discovering some potential workarounds until Apple fixes the problem properly …

Disabling Safari Suggestions seems to be helping resolve the bug for many people on iOS. On your iPhone or iPad, go into Settings, tap Safari, and toggle off the ‘Safari Suggestions’ switch. This will fix the crashing, obviously its only a temporary fix until Apple sorts its servers out as it will disable the Safari Suggestions functionality.

Another option is to enter Private Browsing mode. In private browsing, by design Safari does not contact the suggestions server for intelligent completion options, so the server is never contacted and the crash never arises.

The bug is affecting users in many countries, but not all. It also depends on the state of your Safari, whether it has certain data cached already. The crash has been seen on iOS 8, iOS 9 and OS X 10.11. The bug could be even more widespread beyond these platforms however. It is pretty crazy flaw that is affecting so many people this morning, with many reports across European iOS customers.

We have contacted Apple about the issue for clarification, but it’s such a serious functional flaw that we expect a fix very shortly. Please note: this is an unrelated incident to the prank site CrashSafari.com.

Update: The Safari crash bug has now been fixed, according to Apple.

Have questions?

Get help from IT Experts/Microsofts Cloud Solutions Partner
Call us at: 856-745-9990 or visit: https://southjerseytechies.net/

South Jersey Techies, LL C is a full Managed Web and Technology Services Company providing IT Services, Website Design ServicesServer SupportNetwork ConsultingInternet PhonesCloud Solutions Provider and much more. Contact for More Information.

To read this article in its entirety click here.

The 15 most frightening data breaches

data breaches

 

Ashley Madison (2015)

All data breaches are scary, but some just have that extra scream factor.

In arguably the most embarrassing data breach of the bunch, a group calling itself “The Impact Team” stole 37 million records from adultery website Ashley Madison, including many records that customers had paid to have deleted.

Virtually all of the company’s data was stolen in the hack, including records that suggest most female accounts on the site are fake, and that the company used female chat bots to trick men into spending money.

LivingSocial (2013)

Daily deals company LivingSocial had its network compromised in 2013, with hackers stealing roughly 50 million names, email addresses, birthdays, and encrypted passwords from its SQL database.

Sony PlayStation Network (2011)

Game over, man. In April 2011, hackers raided Sony’s PlayStation Network (PSN) service, stealing personally identifiable information from more than 77 million gamers.

Sony was further criticized for delaying the release of public information about the theft and for storing customer data in an unencrypted form.

The attack took Sony’s PSN out of service for 23 days.

Internal Revenue Service (2015)

Nigerian scammers pilfered more than $50 million from the U.S. Treasury via an embarrassingly simple 2015 hack of the Internal Revenue Service website.

Information scraped from previous data hacks was used to steal Americans’ identities and request copies of past tax returns on the IRS website. The crooks then filed new tax returns with falsified data, requesting big refunds.

The hack caused massive nightmares for the estimated 334,000 people whose records were stolen before the IRS shut down the transcript request service.

Target (2013)

Hackers installed point-of-sale malware on Target’s computer network sometime in 2013, resulting in the theft of more than 70 million customer records. Stolen data included payment card numbers, expiration dates, and CVV codes.

The retailer reached out to affected customers by offering free data monitoring (standard practice) and a 10% off discount on a future shopping trip. But it was too little, too late; same-store sales slid in the quarter following the hack.

Anthem (2015)

Anthem, the United States’ second largest for-profit health insurer, disclosed in February 2015 that it had lost 78.8 million unencrypted customer records to criminals. Names, social security numbers, email addresses, and income data was stolen.

The rare piece of good news: Financial and medical records were not affected.

Adobe (2013)

Adobe revealed in October 2013 that hackers had stolen 38 million active customer IDs and passwords, forcing the company to send out a wave of password reset warnings.

Weeks after, the news got worse for the company: The thieves also made off with the source code for its popular Adobe Photoshop software.

eBay (2014)

Talk about an inside job: In 2004, online auction house eBay suffered the largest hack in U.S. history, losing 145 million login credentials to a hacker using an internal eBay corporate account.

Names, email and street addresses, phone numbers, and birth dates were compromised, but thankfully, passwords were stored in encrypted form.

Home Depot (2014)

In September 2014, Home Depot admitted that it fell prey to hackers who installed antivirus-evading malware on its self-checkout registers. An estimated 56 million sets of customer payment card data were stolen in the attack.

The company’s losses related to the event are expected to top $1 billion when all of the lawsuits are finally settled. Only $100 million of that will be covered by insurance.

JP Morgan Chase (2014)

The September 2014 breach of JP Morgan Chase proved that even the largest U.S. banks are vulnerable to data theft. Online banking login details were not stolen, but crooks did get their hands on 76 million sets of names, emails, addresses, and phone numbers of bank customers, creating serious phishing concerns.

A group of Russian hackers is believed to be responsible for the attack.

PNI Digital Media (2015)

PNI Digital Media, the company that handles online photo printing for CVS, Walgreens, Rite Aid, Costco, and many more national chains, lost an unknown number of customer records to hackers in 2015.

Given that the company boasted more than 18 million transactions in 2014, it’s likely that this breach affected tens of millions of Americans.

Heartland (2008)

Credit and debit card processing firm Heartland Payment Systems became one of the largest data breach victims in U.S. history when hackers compromised more than 130 million accounts in 2008.

The criminal ring involved in the Heartland data theft was also found to be responsible for the 2005 hack of TJX Companies involving 94 million records.

TJX Companies (2005)

In a 2005 scheme dubbed “Operation Get Rich or Die Tryin,” a group of hackers used an unsecured Wi-Fi network at a Marshalls store to break into parent TJX Companies’ computer system and steal 94 million customer records, including payment card data.

Albert Gonzalez, the ringleader of the hack, is serving a 20-year sentence in Leavenworth.

U.S. Office of Personnel Management (2015)

Earlier this year, the United States Office of Personnel Management admitted that hackers had taken 21.5 million records belonging to those who had undergone government background checks or otherwise applied for federal employment. The hackers stole a wealth of sensitive data, including security clearance information and fingerprint data belonging to secret agents.

The Washington Post reported that the attack is believed to have originated in China.

Zappos (2012)

In January 2012, online shoe retailer Zappos stated that cybercriminals had stolen data of 24 million customers, including names, addresses, and the last four digits of their payment cards.

After the announcement, Zappos had to disconnect its phone lines to keep upset customers from calling in and overloading its phone system.

Have questions?

Get help from IT Experts/Microsofts Cloud Solutions Partner
Call us at: 856-745-9990 or visit: https://southjerseytechies.net/

South Jersey Techies, LLC is a full Managed Web and Technology Services Company providing IT Services, Website Design ServicesServer SupportNetwork ConsultingInternet PhonesCloud Solutions Provider and much more. Contact for More Information.

To read this article in its entirety click here.

The 18 scariest computer viruses of all time

virus

 

Anna Kournikova (2001)

The Anna Kournikova virus is so named because it tricked its recipients into thinking they were downloading a sexy picture of the tennis star. Financial damages associated with Kournikova were limited, but the virus had a big pop culture impact: It became a plot point in a 2002 episode of the sitcom Friends.

Sasser (2004)

In April 2004, Microsoft issued a patch for a vulnerability in Windows’ Local Security Authority Subsystem Service (LSASS). Shortly after, a teenager in Germany released the Sasser worm to exploit the vulnerability in unpatched machines. Multiple variants of Sasser took out airline, public transportation, and hospital networks, causing $18 billion in damage.

Skulls.A (2004)

The Skulls.A is a legitimately spooky mobile trojan that affected the Nokia 7610 smartphone and other SymbOS devices. The malware was designed to change all icons on infected phones to Jolly Rogers and disable all phone functions, save for making and receiving calls.

F-Secure says Skulls.A caused little damage, but the trojan is undeniably creepy.

Zeus (2009)

While many malware programs on this list are little more than nuisances, Zeus (AKA Zbot) was a tool used by a complex criminal enterprise.

The trojan uses phishing and keylogging to steal online banking credentials, draining a cumulative $70 million from the accounts of its victims.

Melissa (1999)

Named after a Florida stripper, the Melissa virus was designed to propagate by sending itself to the first 50 contacts in its victims’ e-mail Outlook address book. The attack was so successful that the virus infected 20 percent of the world’s computers, causing an estimated $80 million in damage.

Virus creator David L. Smith (shown) was caught by the FBI, served 20 months in jail, and paid a $5,000 fine.

Sircam (2001)

Like many early malware scripts, Sircam used social engineering to trick people into opening an email attachment.

The worm chooses a random Microsoft Office file on victims’ computers, infects it, and sends it to all the people in the victims’ email contact list. A University of Florida study pegged Sircam cleanup costs at $3 billion.

Stuxnet (2009)

Stuxnet is one of the first known viruses created for cyberwarfare. Created in a joint effort between Israel and the U.S., Stuxnet targeted nuclear enrichment systems in Iran.

Infected computers instructed nuclear centrifuges to physically spin until they broke, all while providing fake feedback that operations were normal.

SQL Slammer/Sapphire (2003)

Taking up just 376 bytes, the SQL Slammer worm packed a lot of destruction into a tiny package. The worm slowed down the Internet, disabled 911 call centers, took down 12,000 Bank of America ATMs, and caused much of South Korea to go offline. It also crashed the network at Ohio’s Davis-Besse nuclear power plant.

Storm Trojan (2007)

Storm Trojan is a particularly sinister piece of email-distributed malware that accounted for 8 percent of all global infections just three days after its January 2007 launch.

The trojan created a massive botnet of between 1 and 10 million computers, and because it was designed to change its packing code every 10 minutes, Storm Trojan proved incredibly resilient.

Code Red (2001)

The Code Red worm, named after the Mountain Dew flavor preferred by its creators, infected up to one-third of all Microsoft ISS web servers upon release.

It even took down whitehouse.gov, replacing its homepage with a “Hacked by Chinese!” message. Estimated damages due to Code Red were in the billions of dollars worldwide.

Nimda (2001)

Released just after the 9/11 attack, many thought the devastating Nimda worm had an Al Qaeda connection (never proven).

It spread via multiple vectors, bringing down banking networks, federal courts and other key computer systems. Cleanup costs for Nimda exceeded $500 million in the first few days alone.

ILOVEYOU (2000)

The ILOVEYOU worm, AKA Love Letter, disguised itself in email inboxes as a text file from an admirer.

But this Love Letter was anything but sweet: In May 2000, it quickly spread to 10 percent of all Internet-connected computers, leading the CIA to shut down its own email servers to prevent its further spread. Estimated damages were $15 billion.

Cryptolocker (2014)

Computers infected with Cryptolocker have important files on their hard drives encrypted and held at ransom. Those who pay approximately $300 in bitcoin to the hackers are given access to the encryption key; those who fail to pay have their data deleted forever.

Netsky (2004)

The Netsky worm, created by the same teen who made Sasser, made its way around the world by way of email attachments. The P variant of Netsky was the most widespread worm in the world even more than two years after its February 2004 launch.

Conficker (2008)

The Conficker worm (AKA Downup, Downadup, Kido), first detected in December 2008, was designed to disable infected computers’ anti-virus programs and block autoupdates that may otherwise remove it from computers.

Conficker quickly spread to numerous important computer networks, including those of the English, French, and German armed forces, causing $9 billion in damage.

Michaelangelo (1992)

The Michelangelo virus itself spread to relatively few computers and caused little real damage. But the concept of a computer virus set to “detonate” on March 6, 1992 caused a media-fueled mass hysteria, with many afraid to operate their PCs even on anniversaries of the date.

Sobig.F (2003)

The Sobig.F trojan infected an estimated 2 million PCs in 2003, grounding Air Canada flights and causing slowdowns across computer networks worldwide. This tricky bug-in-disguise cost $37.1 billion to clean up, making it one of the most expensive malware recovery efforts in history.

MyDoom (2004)

In September 2004, TechRepublic called MyDoom “the worst virus outbreak ever,” and it’s no surprise why. The worm increased the average page load time on the Internet by 50 percent, blocked infected computers’ access to anti-virus sites, and launched a denial-of-service attack on computing giant Microsoft.

The worldwide costs associated with cleanup of MyDoom is estimated to be just shy of $40 billion.

Have questions?

Get help from IT Experts/Microsofts Cloud Solutions Partner
Call us at: 856-745-9990 or visit: https://southjerseytechies.net/

South Jersey Techies, LLC is a full Managed Web and Technology Services Company providing IT Services, Website Design ServicesServer SupportNetwork ConsultingInternet PhonesCloud Solutions Provider and much more. Contact for More Information.

To read this article in its entirety click here.

Chrome is marking all HTTP sites as ‘not secure’

Google sends a nudge toward the unencrypted web

Starting in July, Google Chrome marked all HTTP sites as “not secure,” according to a blog post published today by Chrome security product manager Emily Schechter. Chrome currently displays a neutral information icon, but starting with version 68, the browser is warning users with an extra notification in the address bar. Chrome currently marks HTTPS-encrypted sites with a green lock icon and “Secure” sign.

Google has been nudging users away from unencrypted sites for years, but this is the most forceful nudge yet. Google search began down-ranking unencrypted sites in 2015, and the following year, the Chrome team instituted a similar warning for unencrypted password fields.

The Chrome team said the announcement was mostly brought on by increased HTTPS adoption. Eighty-one of the top 100 sites on the web default to HTTPS, and a strong majority of Chrome traffic is already encrypted. “Based on the awesome rate that sites have been migrating to HTTPS and the strong trajectory through this year,” Schechter said, “we think that in July the balance was tipped enough so that we can mark all HTTP sites.”

HTTPS encryption protects the channel between your browser and the website you’re visiting, ensuring no one in the middle can tamper with the traffic or spy on what you’re doing. Without that encryption, someone with access to your router or ISP could intercept information sent to websites or inject malware into otherwise legitimate pages.

HTTPS has also become much easier to implement through automated services like Let’s Encrypt, giving sites even less of an excuse not to adopt it. As part of the same post, Google pointed to its own Lighthouse tool, which includes tools for migrating a website to HTTPS.

 

CALL US NOW!