Wednesday, July 25, 2018

Phishing scam puts a stolen password in the subject line, then demands payment for supposed webcam footage of the victim watching porn

Business Insider, in a story by Kif Leswing, reports on a vicious new scam in which the victim gets a phishing email with one of their real passwords in the subject line. The email then tries to blackmail the recipient, claiming to have webcam video of the person watching porn, and demands payment in bitcoin.

In actual fact, the password was almost certainly lifted from an old data breach at one of the many large companies that have been hacked, and bought or downloaded from a dark web dump. The attacker does not actually have a video; the password is included only to make the threat look credible.

You can of course cover the camera on your computer, but the real action item is that the quoted password is genuinely compromised: change it on every account where it was reused, turn on two-step authentication where available, and do not pay.

Monday, July 23, 2018

US-CERT warns on Emotet malware, a major hazard for banks and their customers

US-CERT has issued an alert on Emotet malware, Alert TA18-201A, describing a modular banking trojan that steals online banking and securities account credentials and also downloads other banking trojans onto the infected machine.

It is spread mainly through phishing email with malicious attachments or links, often dressed up as PayPal receipts, shipping notices or past-due invoices. Because it harvests credentials from whatever computer it infects, it can be used to drain consumer accounts, not just corporate ones.

Consumers should, as always, watch their balances online and pay attention to whether automated payments and the like process properly.
But the alert's detailed guidance (blocking the attachments, segmenting networks, watching for lateral movement) applies most directly to IT staff at financial institutions and other organizations.

Sunday, July 15, 2018

Site allows you to check if your email passwords have been stolen

“Pardon the interruption, your passwords are leaking”.  It’s a kind of incontinence.
So Geoffrey Fowler writes in the Washington Post Business section, in “Stolen Password? Here’s What to Do About It.”

He points to the site “Have I Been Pwned” (here), which checks an email address against the breach dumps it has collected.

One of my emails was found on seven sites that had been breached, but not on any dark web sites themselves.
Fowler recommends changing every password every 90 days, turning on 2-step authentication, and using really long, randomly generated passwords kept in a professional password-manager app. (Hashing, with MD5 or anything else, is something the website does to the password it stores, not something the user chooses; what the user controls is length, randomness and not reusing the same password on several sites.)
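The sextortion post above (July 25) and this one both come down to the same question: is a given password already sitting in a breach dump? Have I Been Pwned answers that for passwords through its Pwned Passwords "range" API, which is designed so the full password never leaves your machine: you hash the password with SHA-1, send only the first five hex characters of the digest, and get back every known suffix that starts with that prefix along with a breach count. The example below is added here and is not code from the Washington Post article or from Have I Been Pwned; it implements that k-anonymity lookup offline against a constructed copy of a range response (only the first suffix in the sample is a real digest, the SHA-1 of the word "password"; the other lines and all the counts are made up). The `fetch_range` function shows the one network call that would normally be made and is not exercised here.

```python
"""Offline k-anonymity check of a password against a Pwned Passwords range response.

Added example: not from the article or from Have I Been Pwned. The real endpoint
is https://api.pwnedpasswords.com/range/<first 5 hex chars of SHA-1>; the sample
response body below is constructed for this example.
"""
import hashlib
import urllib.request

# Constructed sample of a range response for prefix 5BAA6. Format per line:
# "<remaining 35 hex chars of the SHA-1>:<number of breaches seen in>".
# Only the first suffix is real (SHA-1 of "password"); counts are made up.
SAMPLE_PREFIX = "5BAA6"
SAMPLE_RANGE_BODY = """\
1E4C9B93F3F0682250B6CF8331B7EE68FD8:3861493
0035C8C5F4F3A8C4E7D0A6B9D4E5F6A7B8C:2
1234567890ABCDEF1234567890ABCDEF123:17
"""


def sha1_hex(password: str) -> str:
    """Upper-case hex SHA-1 of the password, the form Pwned Passwords uses."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def split_for_range_query(password: str) -> tuple:
    """Return (prefix, suffix): only the 5-char prefix is ever sent over the wire."""
    digest = sha1_hex(password)
    return digest[:5], digest[5:]


def parse_range_response(body: str) -> dict:
    """Turn 'SUFFIX:COUNT' lines into {suffix: count}, ignoring blank lines."""
    counts = {}
    for line in body.splitlines():
        line = line.strip()
        if not line:
            continue
        suffix, _, count = line.partition(":")
        counts[suffix.upper()] = int(count)
    return counts


def pwned_count(password: str, range_prefix: str, range_body: str) -> int:
    """Number of breaches the password appears in, according to a range response.

    Raises ValueError if the response was fetched for a different prefix, since
    a lookup in the wrong range would silently report 0.
    """
    prefix, suffix = split_for_range_query(password)
    if prefix != range_prefix.upper():
        raise ValueError("range response is for prefix %s, password needs %s"
                         % (range_prefix, prefix))
    return parse_range_response(range_body).get(suffix, 0)


def fetch_range(prefix: str) -> str:
    """Live lookup (network): fetch the range body for a 5-char hex prefix."""
    url = "https://api.pwnedpasswords.com/range/" + prefix
    with urllib.request.urlopen(url, timeout=10) as resp:
        return resp.read().decode("utf-8")


if __name__ == "__main__":
    prefix, _ = split_for_range_query("password")
    print("prefix sent to the service:", prefix)
    print("breach count for 'password':",
          pwned_count("password", SAMPLE_PREFIX, SAMPLE_RANGE_BODY))
```

For a live check, replace `SAMPLE_RANGE_BODY` with `fetch_range(prefix)`; the service still only ever sees the five-character prefix, which matches several hundred digests, so it cannot tell which password you were asking about. A non-zero count means the password is in circulation and should be treated exactly like the one quoted in the sextortion email: retired everywhere it was used.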

Tuesday, July 10, 2018

"Dbsync" files with 0 bytes loaded by some adware on some sites

A recent Salon article stalled when I was scrolling it in Google Chrome on Windows 10.  When I viewed it in Mozilla, it scrolled fine, but Mozilla asked me if I wanted to download a file called “dbsync” with zero bytes.  I let it go.

Afterwards I restarted and ran a full scan in Trend Micro, and it came up clean.  The file seems to be tied to adware, which is probably not malicious but would be removed as “bloatware” by some security products.
On Google searches, Trend warns of some fraudulent anti-virus products that claim they will remove dbsync.

Thursday, July 05, 2018

US-CERT would do well to publish more on SQL injection issues

I wanted to take a moment and gather some material from US-CERT in Pittsburgh on SQL injection attacks.

The main primer dates back to 2012 and is linked here. Note that CERT reports a large number of attacks in 2008 against sites running Microsoft IIS. The recommendations in the paper relate mainly to larger organizations and treat theft of user PII from the back-end database as the biggest danger.

In 2016 CERT warned that SQL injection attacks might be attempted by foreign adversaries against voter registration databases, here.

NICCS lists tuition-based classes for companies on preventing SQL injection.  These usually mean employers sending technical staff to another city (such as Seattle) for several days of travel.

The scale of the training required makes security a difficult matter for individual bloggers to handle on their own.  WordPress and Automattic need to remain aggressive in fixing the vulnerabilities that are found from time to time, and self-hosted bloggers should upgrade to the latest versions (including plugins, where most WordPress injection bugs turn up) as soon as they are offered. This is more true now than it was a few years ago because of the tense political climate, domestically and worldwide.
Blogger has not attracted attention for vulnerabilities like this because it is a hosted service: Google runs and patches the database and application code, so the blogger has no database, plugins or server of their own to keep current.
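The CERT primer's point about PII theft is easiest to see with a concrete query. The example below is added here and is not code from the CERT paper or from WordPress; it is written in Python against an in-memory SQLite database (rather than WordPress's PHP and MySQL) so that it runs anywhere. The table names, columns and rows are constructed for the example. `lookup_vulnerable` builds the query by pasting the user-supplied username into the SQL text, which is the defect every SQL injection primer describes; `lookup_safe` is the same query written with a bound parameter, the fix those primers recommend. The two attack strings show the tautology trick (`' OR '1'='1`, which makes the WHERE clause match every row) and a UNION that reads a completely different table out through the login lookup.

```python
"""SQL injection, vulnerable vs. parameterized, against a constructed SQLite database.

Added example: not from CERT or WordPress. Table contents are made up.
"""
import sqlite3

# Attack strings a user could type into a "username" field. Constructed.
TAUTOLOGY_PAYLOAD = "' OR '1'='1"
UNION_PAYLOAD = "x' UNION SELECT cardholder, pan FROM payment_cards WHERE '1'='1"


def make_db() -> sqlite3.Connection:
    """Create an in-memory database with a users table and a more sensitive one."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT)")
    conn.execute("CREATE TABLE payment_cards (id INTEGER PRIMARY KEY, cardholder TEXT, pan TEXT)")
    conn.executemany("INSERT INTO users (username, email) VALUES (?, ?)", [
        ("alice", "alice@example.com"),
        ("bob", "bob@example.com"),
        ("carol", "carol@example.com"),
    ])
    conn.executemany("INSERT INTO payment_cards (cardholder, pan) VALUES (?, ?)", [
        ("Alice Example", "4111111111111111"),   # constructed test card number
        ("Bob Example", "5555555555554444"),     # constructed test card number
    ])
    conn.commit()
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    """Deliberately vulnerable: the username is pasted into the SQL text.

    Anything the user types becomes part of the statement, so quotes, OR and
    UNION in the input rewrite the query instead of being matched as data.
    """
    sql = "SELECT username, email FROM users WHERE username = '%s'" % username
    return conn.execute(sql).fetchall()


def lookup_safe(conn: sqlite3.Connection, username: str) -> list:
    """Fixed: the username travels as a bound parameter, never as SQL text.

    The driver hands the value to the engine separately from the statement,
    so the same attack strings are compared literally against the column.
    """
    sql = "SELECT username, email FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    print("vulnerable, tautology:", lookup_vulnerable(db, TAUTOLOGY_PAYLOAD))
    print("vulnerable, union:    ", lookup_vulnerable(db, UNION_PAYLOAD))
    print("safe, tautology:      ", lookup_safe(db, TAUTOLOGY_PAYLOAD))
    print("safe, union:          ", lookup_safe(db, UNION_PAYLOAD))
    print("safe, real user:      ", lookup_safe(db, "alice"))
```

The vulnerable lookup hands back every user for the tautology string and both card records for the UNION string, which is exactly the PII theft the primer warns about; the parameterized lookup returns nothing for either, because it is searching for a user literally named `' OR '1'='1`. Parameter binding is the fix for WordPress plugins too (`$wpdb->prepare` there), and it is why patching plugins quickly matters: the bug is one missing placeholder.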