Archive for Hacked

Bell Ignored Ransom Demand Prior To Data Breach

Posted in Commentary on May 19, 2017 by itnerd

Earlier this week I told you about Bell having a customer data leak and the possibility that more leaks would be coming. It now seems that the leak happened because Bell ignored a ransom demand from the hacker behind it. Here’s what The Financial Post had to say:

“A demand for payment was made by the hacker, but it was not paid,” Bell spokesman Marc Choma said via email on Tuesday. “We did not reply to their demand.”

You can completely understand why Bell didn’t pay: it would have opened the floodgates for extortion. But you still have to wonder how this happened in the first place. Bell isn’t exactly offering up those details. But the Canadian Privacy Commissioner is investigating, and if they discover that Bell dropped the ball, we’ll be told pretty darn quick.


Zomato Pwned… Data Of 17 Million Users Briefly Appears On Dark Web

Posted in Commentary on May 19, 2017 by itnerd

Another day, another data breach. This time it’s Zomato, and the hack is big. Here are the details via HackRead:

Recently, HackRead found out that a vendor going by the online handle of “nclay” is claiming to have hacked Zomato and is selling the data of its 17 million registered users on a popular Dark Web marketplace.

The database includes emails and password hashes of registered Zomato users while the price set for the whole package is USD 1,001.43 (BTC 0.5587). The vendor also shared a trove of sample data to prove that the data is legit. Here’s a screenshot of the sample data publicly shared by “nclay.”

The company has acknowledged via a blog post that it has been pwned. Passwords have apparently been reset, and Zomato is looking for any breaches in its systems. But it also says that any credit card info stored on the system is secure, so there’s nothing to worry about. I am not so sure. If there’s a breach, anything could have been taken, and chances are it will only be discovered and/or admitted to much later. Thus, I’ll give my standard advice: assume the worst and take whatever precautions you need to so that you’re protected.

#Fail: Trump Properties Are Easily Pwnable Via Poorly Secured WiFi

Posted in Commentary on May 18, 2017 by itnerd

Gizmodo is running a story in which they tested the security at a few properties owned by US President Donald Trump, including The Mar-a-Lago Club, where he has hosted foreign leaders, and found that any “half decent hacker” could break into their networks via poorly secured WiFi:

We parked a 17-foot motor boat in a lagoon about 800 feet from the back lawn of the Mar-a-Lago Club in Palm Beach, and pointed a two-foot wireless antenna that resembled a potato gun toward the club. Within a minute, we spotted three weakly encrypted Wi-Fi networks. We could have hacked them in less than five minutes, but we refrained.

A few days later, we drove through the grounds of the Trump National Golf Club in Bedminster, N.J., with the same antenna and aimed it at the clubhouse. We identified two open Wi-Fi networks that anyone could join without a password. We resisted the temptation.

We also visited two of President Donald Trump’s other family-run retreats, the Trump International Hotel in Washington, D.C., and a golf club in Sterling, Va. Our inspections found weak and open Wi-Fi networks, wireless printers without passwords, servers with outdated and vulnerable software, and unencrypted login pages to back-end databases containing sensitive information.

That doesn’t sound good. But you’re likely asking “is this really a big deal?” Well, yes it is. Here’s why:

The risks posed by the lax security, experts say, go well beyond simple digital snooping. Sophisticated attackers could take advantage of vulnerabilities in the Wi-Fi networks to take over devices like computers or smart phones and use them to record conversations involving anyone on the premises.

“Those networks all have to be crawling with foreign intruders, not just [Gizmodo and] ProPublica,” said Dave Aitel, chief executive officer of Immunity, Inc., a digital security company, when we told him what we found.

Seeing as Trump is President, goes to these places frequently, takes foreign leaders there, and likely conducts business that affects the security of the United States, this is a problem. Now, if you also consider that he signed an executive order forcing the government to step up its game on the cybersecurity front, maybe he should get his own house in order first, as the optics of this are pretty craptastic.

Roundup: NHS Cyberattack Is Now Global In Scope… Here’s What You Need To Know

Posted in Commentary on May 13, 2017 by itnerd

What started out as a story about the NHS getting pwned by ransomware has now evolved into the biggest cyberattack in history. The New York Times has a map that illustrates how widespread the attack is. The Financial Times has an excellent story on the attack itself, which uses NSA-developed exploit code against poorly secured or antiquated systems running Windows. On the latter point, the NHS in the UK was apparently running Windows XP systems, which haven’t had security patches from Microsoft in years, making them great targets for this sort of thing. You can bet that heads will roll over that. Organizations such as FedEx, Telefonica, Renault and the Russian Interior Ministry, among others, have been hit by this cyberattack.

All is not lost though. Microsoft has added detection and prevention routines to its antivirus products, and other antivirus vendors are doing the same. And by sheer luck, a British cybersecurity researcher accidentally stopped the attack from spreading more widely.

The only good news is that this may be the event that finally forces companies and governments, not to mention the average consumer, to take cybersecurity seriously. After this calms down, I suspect there will be a serious rethink about how one protects oneself in the age of the cyberattack.

UPDATE: Microsoft has advice for customers here. This page also includes emergency patches for operating systems as far back as Windows XP.

UPDATE #2: If you are a network admin who wants to protect your network from potentially getting pwned by this, here’s what you need to know. Disabling SMBv1 removes the bug that the NSA-sourced ransomware uses. Guidance on how to do that can be found here. This applies to devices like network attached storage boxes that may use SMBv1 as well. You should also firewall off the SMB ports, TCP 139 and 445, from the outside world and restrict access to the service where possible on internal networks.

UPDATE #3: Another way to protect yourself is to make sure your computer(s) are fully patched. This is a really good time to run software updates and make sure you are covered. This applies to companies, governments, and individuals.
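As an added example, not from this post or from Microsoft’s guidance, here is how the two mitigations in UPDATE #2 (disable SMBv1, block the SMB ports from untrusted networks) and the patch check in UPDATE #3 can be applied and verified from an elevated PowerShell prompt on Windows 8/Server 2012 or later. Windows XP and 7 do not have these cmdlets; on those, follow the linked Microsoft guidance. The firewall rule name is one I made up, and `$kb` is a placeholder: substitute the KB number of the March 2017 SMB security update that applies to your OS build.

```powershell
# Added example (not from the post): audit and harden SMB on one Windows host
# against the SMBv1 flaw the ransomware uses. Run in an elevated session on
# Windows 8 / Server 2012 or later, where the Smb* and NetFirewall cmdlets exist.

# 1. Report the current state: is the SMBv1 server protocol still enabled?
$cfg = Get-SmbServerConfiguration
if ($cfg.EnableSMB1Protocol) {
    Write-Warning "SMBv1 server protocol is ENABLED on $env:COMPUTERNAME"
} else {
    Write-Host "SMBv1 server protocol already disabled on $env:COMPUTERNAME"
}

# 2. Disable the SMBv1 server side. SMBv2/v3 clients keep working; only legacy
#    gear that speaks SMBv1 exclusively (old NAS boxes, printers) will notice.
Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force

# 2b. On Windows 8.1 / 10 the whole SMBv1 component (client and server) can be
#     removed as an optional feature instead, which is the more durable fix:
#     Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart

# 3. Block inbound SMB (TCP 139 and 445) from untrusted networks. The rule is
#    scoped to the Public profile so the host still serves files on a trusted
#    Domain/Private network; apply it to all profiles on endpoints that should
#    never serve SMB at all.
$ruleName = 'Block inbound SMB from public networks'   # constructed name
if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $ruleName -Direction Inbound -Protocol TCP `
        -LocalPort 139,445 -Profile Public -Action Block | Out-Null
}

# 4. Confirm the patch state. $kb is a placeholder: use the KB number of the
#    March 2017 SMB security update for this OS build.
$kb = 'KBnnnnnnn'
if (Get-HotFix -Id $kb -ErrorAction SilentlyContinue) {
    Write-Host "$kb is installed"
} else {
    Write-Warning "$kb not found; run Windows Update before putting this host back on the network"
}

# 5. Final readback, handy as a one-line report collected from every host in a fleet
Get-SmbServerConfiguration | Select-Object EnableSMB1Protocol, EnableSMB2Protocol
```

Step 1 and step 5 are the useful bits for an admin with many machines: run them over a list of hosts with `Invoke-Command` and you get an inventory of who still has SMBv1 on before and after the change.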

UPDATE #4: A reader just asked me if this ransomware affects Macs. It does not.

UPDATE #5: Motherboard is reporting that there is a new version of this ransomware. The difference is that this one cannot be stopped, accidentally or otherwise. Thus we may be about to see round two of this cyberattack.

NHS Hospitals Pwned By Ransomware In Epic Fashion

Posted in Commentary on May 12, 2017 by itnerd

Across the United Kingdom, people were seeing Tweets like these pop up in their Twitter feeds:

The reason for this is simple. National Health Service (NHS for short) hospitals have been pwned by ransomware in a coordinated attack. Here are the details from the BBC:

Staff cannot access patient data, which has been scrambled by ransomware. There is no evidence patient data has been compromised, NHS Digital has said.

The BBC understands up to 25 NHS organisations and some GP practices have been affected.

It comes amid reports of cyber-attacks affecting organisations worldwide.

A Downing Street Spokesman said Prime Minister Theresa May was being kept informed of the situation, while Health Secretary Jeremy Hunt is being briefed by the National Cyber Security Centre.

According to cybersecurity firm Foursys, the ransomware is holding each computer hostage for $300 in Bitcoin. The malware demands that hospitals pay by May 15, or all the encrypted files will be deleted by May 19. Ironically, this firm manages cybersecurity for 140 NHS sites. Read into that what you will. Also of note, according to cybersecurity expert Brian Krebs, the ransomware spread through a recently patched flaw in Microsoft Windows’ SMB (Server Message Block) service, which Windows computers rely on to share files and printers across a local network. That implies they didn’t patch their systems when the patch came out in March. #fail.

This is serious and proof that organizations of all sizes need to get serious about protecting themselves against this sort of attack.

Has The Esso Extra Website Been Pwned?

Posted in Commentary on May 10, 2017 by itnerd

It appears that the Esso Extra website, which powers the gas company’s rewards program, has at best been probed by hackers, or at worst pwned by them. I was tipped off to this by an e-mail I received as a member of the rewards program:

[Two screenshots of the e-mail, captured May 10, 2017]

I had a look at that e-mail and it is legit. Thus if you are an Esso Extra member, I would strongly suggest that you go directly to essoextra.com and change your password to keep yourself safe.

PSA: Don’t click that Google Docs link!

Posted in Commentary on May 4, 2017 by itnerd

If you get an email sharing a Google Docs file with you, I have some advice: Don’t click it!

This is a widespread phishing campaign that started on Wednesday. The malicious email contains what appears to be a link to a Google Docs file. This leads to a legitimate Google.com page asking you to authorize an app calling itself “Google Docs” to access your Gmail account. The problem is that granting that access hands control of your Gmail account to the attacker; the app then sends the same malicious email out with your name on it and pillages your contact list.

If you’ve been pwned by this attack already, you need to go into your Google account permissions page and remove all the access privileges for the evil “Google Docs” app. Google has apparently locked things down so that this attack doesn’t get worse, but expect it to be around for the next couple of days. That raises the question: why didn’t Google lock things down as a proactive measure?
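The “authorize Google Docs” page described above is a standard OAuth consent screen, and the thing to read on it before clicking Allow is what is being requested and by whom. As an added example, not part of this post or of anything Google ships, the PowerShell below pulls those facts out of a consent URL: it lists the scopes the app is asking for and flags the combination the campaign relied on, a third-party app asking for mail and contacts access. The scope identifiers are Google’s real ones; that the campaign requested exactly the mail and contacts scopes is my assumption from the behaviour the post describes; the sample URL, client id and redirect host are constructed placeholders, and treating any redirect host outside google.com as third-party is a heuristic I chose.

```powershell
# Added example (not from the post): triage a Google OAuth consent URL before
# approving it. Scope strings are Google's real scope identifiers; the sample
# URL, client id and redirect host at the bottom are constructed placeholders.

# Scopes that let an app read/send mail and harvest the address book.
$HighRiskScopes = @{
    'https://mail.google.com/'                          = 'full Gmail access'
    'https://www.googleapis.com/auth/gmail.modify'      = 'read and modify Gmail'
    'https://www.googleapis.com/auth/contacts'          = 'read and write contacts'
    'https://www.googleapis.com/auth/contacts.readonly' = 'read contacts'
}

function Get-ConsentRequest {
    # Parse the query string of an OAuth authorization URL into the fields
    # the consent screen is built from.
    param([string]$Url)
    $uri = [System.Uri]$Url
    $params = @{}
    foreach ($pair in $uri.Query.TrimStart('?').Split('&')) {
        $k, $v = $pair.Split('=', 2)
        # OAuth joins multiple scopes with '+' (an encoded space)
        $params[$k] = [System.Uri]::UnescapeDataString($v.Replace('+', ' '))
    }
    [pscustomobject]@{
        ClientId     = $params['client_id']
        RedirectHost = ([System.Uri]$params['redirect_uri']).Host
        Scopes       = $params['scope'] -split ' '
    }
}

function Test-ConsentRequest {
    # Verdict: 'block' when a third-party app asks for mail/contacts access,
    # 'review' when only one of those conditions holds, otherwise 'ok'.
    param([string]$Url, [string[]]$TrustedRedirectSuffixes = @('.google.com'))
    $req = Get-ConsentRequest -Url $Url
    $findings = @()
    $risky = @($req.Scopes | Where-Object { $HighRiskScopes.ContainsKey($_) })
    foreach ($s in $risky) { $findings += "requests $($HighRiskScopes[$s]) ($s)" }
    $thirdParty = -not ($TrustedRedirectSuffixes | Where-Object { $req.RedirectHost.EndsWith($_) })
    if ($thirdParty) { $findings += "token is delivered to third-party host '$($req.RedirectHost)'" }
    $verdict = if ($risky -and $thirdParty) { 'block' }
               elseif ($risky -or $thirdParty) { 'review' }
               else { 'ok' }
    [pscustomobject]@{ Verdict = $verdict; ClientId = $req.ClientId; Findings = $findings }
}

# Constructed sample of a consent request of the kind described above:
# placeholder client id, non-Google redirect host, full Gmail plus contacts.
$sample = 'https://accounts.google.com/o/oauth2/auth?client_id=PLACEHOLDER.apps.googleusercontent.com' +
          '&redirect_uri=https%3A%2F%2Fdocs-share.example%2Fcallback&response_type=code' +
          '&scope=https%3A%2F%2Fmail.google.com%2F+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fcontacts'
Test-ConsentRequest -Url $sample | Format-List
```

For the sample above the verdict is `block` with three findings: full Gmail access, contacts access, and delivery of the token to a non-Google host. The same check is what you are doing by hand on the permissions page after the fact: an entry named “Google Docs” that holds Gmail and contacts scopes, when Google’s own Docs never needs to ask for them, is the one to remove.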