Top Rated Managed Technology IT Service | Eagle Technology Solutions http://sicoir.com Technology Done Right! Wed, 09 Aug 2017 13:32:31 +0000

Mac OS Malware http://sicoir.com/mac-os-malware/ Wed, 09 Aug 2017 13:31:55 +0000

The post Mac OS Malware appeared first on Top Rated Managed Technology IT Service | Eagle Technology Solutions.

3 New CIA-developed Hacking Tools For MacOS & Linux Exposed

WikiLeaks has just published a new set of classified documents linked to another CIA project, dubbed ‘Imperial,’ which reveals details of at least three CIA-developed hacking tools and implants designed to target computers running Apple Mac OS X and different flavours of Linux operating systems.

If you are a regular reader of THN, you must be aware that this latest revelation by the whistleblower organisation is part of the ongoing CIA Vault 7 leaks, marking it as the 18th batch in the series.

If you are unaware of the Vault 7 leaks, you can head to the second section of this article for a brief look at all the leaks at once.

Achilles — Tool to Backdoor Mac OS X Disk Images

Dubbed Achilles, the hacking tool allows CIA operators to combine malicious Trojan applications with a legitimate Mac OS app into a disk image installer (.DMG) file.

The binding tool, a shell script written in Bash, gives the CIA operators “one or more desired operator specified executables” for a one-time execution.

As soon as an unsuspecting user downloads an infected disk image on his/her Apple computer, opens and installs the software, the malicious executables would also run in the background.

Afterwards, all traces of the Achilles tool would be “removed securely” from the downloaded application so that the file would “exactly resemble” the original legitimate, un-trojaned application, making it hard for investigators and antivirus software to detect the initial infection vector.

Achilles v1.0, developed in 2011, was only tested on Mac OS X 10.6, which is Apple’s Snow Leopard operating system that the company launched in 2009.

SeaPea — Stealthy Rootkit For Mac OS X Systems

The second hacking tool, called SeaPea, is a Mac OS X rootkit that gives CIA operators stealth and tool-launching capabilities by hiding important files, processes and socket connections from the users, allowing them to access Macs without the victims’ knowledge.

Developed in 2011, the Mac OS X rootkit works on computers running the then-latest Mac OS X 10.6 (Snow Leopard) operating system (32- or 64-bit kernel compatible) and the Mac OS X 10.7 (Lion) operating system.

The rootkit requires root access to be installed on a target Mac computer and cannot be removed unless the startup disk is reformatted or the infected Mac is upgraded to the next version of the operating system.

Aeris — An Automated Implant For Linux Systems

The third CIA hacking tool, dubbed Aeris, is an automated implant written in the C programming language that is specifically designed to backdoor portable Linux-based operating systems, including Debian, CentOS, Red Hat — along with FreeBSD and Solaris.

Aeris is a builder that CIA operators can use to generate customised implants, depending upon their covert operation.

“It supports automated file exfiltration, configurable beacon interval and jitter, stand-alone and Collide-based HTTPS LP support and SMTP protocol support — all with TLS encrypted communications with mutual authentication,”

“It’s compatible with the NOD Cryptographic Specification and provides structured command and control that’s similar to that used by several Windows implants.”

Previous Vault 7 CIA Leaks

Last week, WikiLeaks revealed details about CIA contractor Raytheon Blackbird Technologies, which analysed in-the-wild advanced malware and hacking techniques and submitted at least five reports to the agency to help it develop its own malware.

Since March, the whistle-blowing group has published 18 batches of the “Vault 7” series, which include the latest and last week’s leaks, along with the following batches:

  • Highrise Project — the alleged CIA project that allowed the spying agency to stealthily collect and forward stolen data from compromised smartphones to its server through SMS messages.
  • BothanSpy and Gyrfalcon — two alleged CIA implants that allowed the spying agency to intercept and exfiltrate SSH credentials from targeted Windows and Linux operating systems using different attack vectors.
  • OutlawCountry – An alleged CIA project that allowed it to hack and remotely spy on computers running Linux operating systems.
  • ELSA – the alleged CIA malware that tracks the geo-location of targeted PCs and laptops running the Microsoft Windows operating system.
  • Brutal Kangaroo – A tool suite for Microsoft Windows used by the agency to target closed networks or air-gapped computers within an organization or enterprise without requiring any direct access.
  • Cherry Blossom – An agency framework, basically a remotely controllable firmware-based implant, used for monitoring the Internet activity of the targeted systems by exploiting vulnerabilities in Wi-Fi devices.
  • Pandemic – A CIA project that allowed the agency to turn Windows file servers into covert attack machines that can silently infect other computers of interest inside a targeted network.
  • Athena – A CIA spyware framework that has been designed to take full control over infected Windows PCs remotely, and works against every version of Microsoft’s Windows operating systems, from Windows XP to Windows 10.
  • AfterMidnight and Assassin – Two alleged CIA malware frameworks for the Microsoft Windows platform that have been designed to monitor and report back actions on the infected remote host computer and execute malicious actions.
  • Archimedes – Man-in-the-middle (MitM) attack tool allegedly created by the CIA to target computers inside a Local Area Network (LAN).
  • Scribbles – A piece of software reportedly designed to embed ‘web beacons’ into confidential documents, allowing the agency to track insiders and whistleblowers.
  • Grasshopper – Framework which allowed the spying agency to easily create custom malware for breaking into Microsoft’s Windows and bypassing antivirus protection.
  • Marble – Source code of a secret anti-forensic framework, basically an obfuscator or a packer used by the CIA to hide the actual source of its malware.
  • Dark Matter – Hacking exploits the agency designed to target iPhones and Macs.
  • Weeping Angel – Spying tool used by the agency to infiltrate smart TV’s, transforming them into covert microphones.
  • Year Zero – Alleged CIA hacking exploits for popular hardware and software.

Copy Kittens http://sicoir.com/copy-kittens/ Tue, 25 Jul 2017 19:54:00 +0000

Experts Unveil Cyber Espionage Attacks by CopyKittens Hackers

Security researchers have discovered a new, massive cyber espionage campaign that mainly targets people working in government, defence and academic organisations in various countries.

The campaign is being conducted by an Iran-linked threat group, whose activities, attack methods, and targets have been released in a joint, detailed report published by researchers at Trend Micro and Israeli firm ClearSky.

Dubbed by researchers CopyKittens (aka Rocket Kittens), the cyber espionage group has been active since at least 2013 and has targeted organisations and individuals, including diplomats and researchers, in Israel, Saudi Arabia, Turkey, the United States, Jordan and Germany.

The targeted organisations include government institutions like Ministry of Foreign Affairs, defence companies, large IT companies, academic institutions, subcontractors of the Ministry of Defense, and municipal authorities, along with employees of the United Nations.

The latest report [PDF], dubbed “Operation Wilted Tulip,” details an active espionage campaign conducted by the CopyKittens hackers, a vast range of tools and tactics they used, its command and control infrastructure, and the group’s modus operandi.

How CopyKittens Infects Its Targets

The group used different tactics to infiltrate their targets, which include watering hole attacks — wherein JavaScript code is inserted into compromised websites to distribute malicious exploits.

The news media and organisations whose websites were abused in watering hole attacks include The Jerusalem Post, for which even the German Federal Office for Information Security (BSI) issued an alert, Maariv news and the IDF Disabled Veterans Organization.

Besides watering hole attacks, CopyKittens also used other methods to deliver malware, including:

  • Emailed links to malicious websites controlled by attackers.
  • Weaponized Office documents exploiting a recently discovered flaw (CVE-2017-0199).
  • Web server exploitation using vulnerability scanners and SQLi tools like Havij, sqlmap, and Acunetix.
  • Fake social media entities to build trust with targets and potentially spread malicious links.

“The group uses a combination of these methods to persistently target the same victim over multiple platforms until they succeed in establishing an initial beachhead of infection – before pivoting to higher value targets on the network,” Trend Micro writes in a blog post.

In order to infect its targets, CopyKittens makes use of its own custom malware tools in combination with existing, commercial tools, like Red Team software Cobalt Strike, Metasploit, post-exploitation agent Empire, TDTESS backdoor, and credential dumping tool Mimikatz.

Dubbed Matryoshka, the remote access trojan is the group’s self-developed malware which uses DNS for command and control (C&C) communication and has the ability to steal passwords, capture screenshots, record keystrokes, collect and upload files, and give the attackers Meterpreter shell access.

“Matryoshka is spread through spear phishing with a document attached to it. The document has either a malicious macro that the victim is asked to enable or an embedded executable the victim is asked to open,” ClearSky says in a blog post.

The initial version of the malware was analysed in 2015 and seen in the wild from July 2016 until January 2017, though the group also developed and used Matryoshka version 2.

Users are advised to enable two-factor authentication to protect their webmail accounts from being compromised; such accounts are a treasure trove of information for hackers and an “extremely strong initial beachhead” for pivoting into other targets.

Russia and VPNs http://sicoir.com/russia-and-vpns/ Mon, 24 Jul 2017 18:20:42 +0000

Russia moves closer to banning the use of proxies and VPNs

Earlier this year, China began assessing ways to ban VPNs and proxy servers in the country, and finally made it mandatory for individuals and organizations to register with the government in order to use such services. Now, Russia seems to be moving towards a similar decision as well.

The bill to ban the use of tools such as proxy websites, proxy servers or virtual private networks (VPNs) in the country was passed by the State Duma (lower house) of the Russian Parliament on Friday. It is yet to be approved by the upper house and the President, but once done, the country’s internet service providers will need to block access to any providers of proxy services.

As per Russian lawmakers, the move would further help enforce the country’s ban on extremist content hosted online. Currently there is no word on whether any special provisions are available for companies that rely on global content or individuals that need access to such services. We will know more about the bill in the coming weeks.

Source: ABC News

Beware! This Microsoft PowerPoint Hack Installs Malware Without Requiring Macros http://sicoir.com/beware-microsoft-powerpoint-hack-installs-malware-without-requiring-macros/ Fri, 09 Jun 2017 16:23:44 +0000

“Disable macros and always be extra careful when you manually enable it while opening Microsoft Office Word documents.”

You might have heard the above-mentioned security warning multiple times on the Internet, as hackers usually leverage this decade-old macro-based hacking technique to hack computers through specially crafted Microsoft Office files, particularly Word, attached to spam emails.

But a new social engineering attack has been discovered in the wild, which doesn’t require users to enable macros; instead it executes malware on a targeted system using PowerShell commands embedded inside a PowerPoint (PPT) file.

Moreover, the malicious PowerShell code hidden inside the document triggers as soon as the victim moves/hovers a mouse over a link (as shown), which downloads an additional payload on the compromised machine — even without clicking it.

Researchers at security firm SentinelOne have discovered that a group of hackers is using malicious PowerPoint files to distribute ‘Zusy,’ a banking Trojan, also known as ‘Tinba’ (Tiny Banker).

Discovered in 2012, Zusy is a banking trojan that targets financial websites and has the ability to sniff network traffic and perform Man-in-The-Browser attacks in order to inject additional forms into legit banking sites, asking victims to share more crucial data such as credit card numbers, TANs, and authentication tokens.

“A new variant of a malware called ‘Zusy’ has been found in the wild spreading as a PowerPoint file attached to spam emails with titles like ‘Purchase Order #130527’ and ‘Confirmation.’ It’s interesting because it doesn’t require the user to enable macros to execute,” researchers at SentinelOne Labs say in a blog post.

The PowerPoint files have been distributed through spam emails with subjects like “Purchase Order” and “Confirmation,” and, when opened, display the text “Loading…Please Wait” as a hyperlink.

When a user hovers the mouse over the link it automatically tries to trigger the PowerShell code, but the Protected View security feature that comes enabled by default in most supported versions of Office, including Office 2013 and Office 2010, displays a severe warning and prompts them to enable or disable the content.

If the user neglects this warning and allows the content to be viewed, the malicious program will connect to the “cccn.nl” domain name, from where it downloads and executes a file, which is eventually responsible for the delivery of a new variant of the banking Trojan called Zusy.

“Users might still somehow enable external programs because they’re lazy, in a hurry, or they’re only used to blocking macros,” SentinelOne Labs says. “Also, some configurations may possibly be more permissive in executing external programs than they are with macros.”

Another security researcher, Ruben Daniel Dodge, also analyzed this new attack and confirmed that it does not rely on macros, JavaScript or VBA for the execution method.

“This is accomplished by an element definition for a hover action. This hover action is set up to execute a program in PowerPoint once the user mouses over the text. In the resources definition of slide1 ‘rID2’ is defined as a hyperlink where the target is a PowerShell command,” Dodge said.

The security firm also said that the attack doesn’t work if the malicious file is opened in PowerPoint Viewer, which refuses to execute the program. But the technique could still be efficient in some cases.

SOURCE: The Hacker News

Ask Us About Our New Password Manager http://sicoir.com/ask-us-new-password-manager/ Fri, 03 Mar 2017 15:08:48 +0000

We are excited to announce our very own cloud-based password manager. There are so many different ways to store your passwords: Excel spreadsheet, sticky note, spiral notebook, from memory, writing it on your hand and maybe tattooed somewhere on your body. WRONG!

Passwords are critical to your business infrastructure and can be crippling if these passwords are exposed or weak. Eagle Technology Solutions/Sicoir have implemented our own password manager for businesses.  Never forget a password again or rely on staff to give you their passwords if they should happen to leave the company.  Complete control over your passwords throughout your organization!  Call us at 785-628-1330 to find out more or GO HERE to fill out our contact form.

9 Popular Password Manager Apps Found Leaking Your Secrets

Is anything safe? It’s 2017, and the likely answer is NO.

Making sure your passwords are secure is one of the first lines of defense – for your computer, email, and information – against hacking attempts, and password managers are the tools recommended by many security experts to keep all your passwords secure in one place.

Password managers are software that creates complex passwords, stores and organizes all your passwords for your computers, websites, applications and networks, and remembers them on your behalf.

But what if your password manager itself is vulnerable?

Well, it’s not just imagination, as a new report has revealed that some of the most popular password managers are affected by critical vulnerabilities that can expose user credentials.

The report, published on Tuesday by a group of security experts from TeamSIK of the Fraunhofer Institute for Secure Information Technology in Germany, revealed that nine of the most popular Android password managers available on Google Play are vulnerable to one or more security vulnerabilities.

Popular Android Password Manager Apps Affected By One Or More Flaws

The team examined LastPass, Keeper, 1Password, My Passwords, Dashlane Password Manager, Informaticore’s Password Manager, F-Secure KEY, Keepsafe, and Avast Passwords – each of which has between 100,000 and 50 Million installs.

“The overall results were extremely worrying and revealed that password manager applications, despite their claims, do not provide enough protection mechanisms for the stored passwords and credentials,” TeamSIK said.

In each application, the researchers discovered one or more security vulnerabilities – a total of 26 issues – all of which were reported to the application makers and were fixed before the group’s report went public.

Encryption Keys for Master Key Hard-Coded in the App’s Code

According to the team, some password manager applications were vulnerable to data residue attacks and clipboard sniffing. Some of the apps stored the master password in plain text or even exposed encryption keys in the code.

For example, one high severity flaw affected Informaticore’s Password Manager app, which was due to the app storing the master password in an encrypted form with the encryption key hard coded in the app’s code itself. A similar bug was also discovered in LastPass.

In fact, in some cases, the user’s stored passwords could have easily been accessed and exfiltrated by any malicious application installed on the user’s device.

Besides these issues, the researchers also found that auto-fill functions in most password manager applications could be abused to steal stored secrets through “hidden phishing” attacks.

And what’s more worrisome? Any attacker could have easily exploited many of the flaws discovered by the researchers without needing root permissions.

List of Vulnerable Password Managers and Flaws Affecting Them

Here’s the list of vulnerabilities disclosed in some of the most popular Android password managers by TeamSIK:

MyPasswords

  • Read Private Data of My Passwords App
  • Master Password Decryption of My Passwords App
  • Free Premium Features Unlock for My Passwords

1Password – Password Manager

  • Subdomain Password Leakage in 1Password Internal Browser
  • HTTPS downgrade to HTTP URL by default in 1Password Internal Browser
  • Titles and URLs Not Encrypted in 1Password Database
  • Read Private Data From App Folder in 1Password Manager
  • Privacy Issue, Information Leaked to Vendor 1Password Manager

LastPass Password Manager

  • Hardcoded Master Key in LastPass Password Manager
  • Privacy, Data leakage in LastPass Browser Search
  • Read Private Data (Stored Master password) from LastPass Password Manager

Informaticore Password Manager

  • Insecure Credential Storage in Microsoft Password Manager

Keeper Password Manager

  • Keeper Password Manager Security Question Bypass
  • Keeper Password Manager Data Injection without Master Password

Dashlane Password Manager

  • Read Private Data From App Folder in Dashlane Password Manager
  • Google Search Information Leakage in Dashlane Password Manager Browser
  • Residue Attack Extracting Master Password From Dashlane Password Manager
  • Subdomain Password Leakage in Internal Dashlane Password Manager Browser

F-Secure KEY Password Manager

  • F-Secure KEY Password Manager Insecure Credential Storage

Hide Pictures Keepsafe Vault

  • Keepsafe Plaintext Password Storage

Avast Passwords

  • App Password Stealing from Avast Password Manager
  • Insecure Default URLs for Popular Sites in Avast Password Manager
  • Broken Secure Communication Implementation in Avast Password Manager

SOURCE:  Hacker News

Here’s My Surprise Face – Yahoo Hacked Once Again! http://sicoir.com/heres-surprise-face-yahoo-hacked/ Thu, 16 Feb 2017 21:37:48 +0000

Has Yahoo rebuilt your trust again?

If yes, then you need to think once again, as the company is warning its users of another hack.

Last year, Yahoo admitted two of the largest data breaches on record. One of them, which took place in 2013, disclosed personal details associated with more than 1 Billion Yahoo user accounts.

Well, it’s happened yet again.

Yahoo sent out another round of notifications to its users on Wednesday, warning that their accounts may have been compromised as recently as last year after an ongoing investigation turned up evidence that hackers used forged cookies to log into accounts without passwords.

The company quietly revealed the data breach in a security update in December 2016, but the news was largely overlooked, as the statement from Yahoo provided information on a separate data breach that occurred in August 2013 involving more than 1 billion accounts.

The warning message sent Wednesday to some Yahoo users read:

“Based on the ongoing investigation, we believe a forged cookie may have been used in 2015 or 2016 to access your account.”

The total number of customers affected by this attack is still unknown, though the company has confirmed that the accounts were affected by a security flaw in Yahoo’s mail service.

The flaw allowed “state-sponsored attackers” to use a “forged cookie” created by software stolen from within the company’s internal systems to gain access to Yahoo accounts without passwords.

“Forged cookies” are digital keys that allow access to accounts without re-entering passwords.

Here’s how the attack works:

Instead of stealing passwords, hackers trick a web browser into telling the company that the victim had already logged in by forging little web browser tokens called cookies.

You use cookies every time you log into any service and check that box that says “keep me logged in,” or, “remember me.”

So, even if you close the window, or shut down your system, you will not have to log back into your account because the cookie stored by your browser tells the online service that you already submitted your username and password.

Here’s what a Yahoo spokesperson said about the recently disclosed breach:

“As we have previously disclosed, our outside forensic experts have been investigating the creation of forged cookies that could have enabled an intruder to access our users’ accounts without a password.”

“The investigation has identified user accounts for which we believe forged cookies were taken or used. Yahoo is in the process of notifying all potentially affected account holders.”

The warning notification has been sent out to almost all affected Yahoo users, although investigations are still ongoing.

The notice was sent to Yahoo’s customers on Wednesday, the same day it was reported that Verizon is slashing the price the telecom service will pay for Yahoo by at least $250 Million, following revelations of two security breaches last year, according to a report by Bloomberg.

The price cut appears to indicate the troubled deal will go through.

With yet another disclosed security breach, one might think about closing online accounts associated with Yahoo.

Browser AutoFill Feature Can Leak Your Personal Information to Hackers http://sicoir.com/browser-autofill-feature-can-leak-personal-information-hackers/ Wed, 11 Jan 2017 14:46:18 +0000

Just like most of you, I too really hate filling out web forms, especially on mobile devices.

To help make this whole process faster, Google Chrome and other major browsers offer an “Autofill” feature that automatically fills out web forms based on data you have previously entered in similar fields.

However, it turns out that an attacker can use this autofill feature against you and trick you into spilling your private information to hackers or malicious third parties.

Finnish web developer and whitehat hacker Viljami Kuosmanen published a demo on GitHub that shows how an attacker could take advantage of the autofill feature provided by most browsers, plugins, and tools such as Password Managers.

The proof-of-concept demo website consists of a simple online web form with just two fields: Name and Email. But what’s not visible are many hidden (out of sight) fields, including the phone number, organization, address, postal code, city, and country.

Giving away all your Personal Information Unknowingly

So, if users with an autofill profile configured in their browsers fill out this simple form and click the submit button, they’ll send all the fields, unaware that the six fields that are hidden from them but present on the page also get filled out and sent to unscrupulous phishers.

You can also test your browser and extension autofill feature using Kuosmanen’s PoC site.

Kuosmanen can make this attack even worse by adding more personal fields out of the user’s sight, including the user’s address, credit card number, expiration date, and CVV, although auto-filling financial data forms will trigger warnings on Chrome when sites do not offer HTTPS.

Kuosmanen’s attack works against a variety of major browsers and autofill tools, including Google Chrome, Apple Safari, Opera, and even the popular cloud security vault LastPass.

Mozilla’s Firefox users do not need to worry about this particular attack, as the browser currently does not have a multi-box autofill system and forces users to select pre-fill data for each box manually.

Therefore, the Firefox browser can’t be tricked into filling text boxes by programmatic means, Mozilla principal security engineer Daniel Veditz says.

Here’s How to Turn Autofill Feature Off

The simplest way to protect yourself against such phishing attacks is to disable the form autofill feature in your browser, password manager or extension settings.

The autofill feature is turned on by default. Here’s how to turn this feature off in Chrome:

Go to Settings → Show Advanced Settings at the bottom, and under the Passwords and Forms section uncheck Enable Autofill box to fill out web forms with a single click.

In Opera, go to Settings → Autofill and turn it off.

In Safari, go to Preferences and click on AutoFill to turn it off.

SOURCE:  Hacker News

Yes, We’re Geeks! So We Care To Share This With You :-( http://sicoir.com/yes-geeks-care-share/ Tue, 27 Dec 2016 18:06:43 +0000 http://sicoir.com/?p=14402 Carrie Fisher has died at the age of 60 While the opening crawl and massive starship is credited with blowing away audiences who see Star Wars for the first time, it’s the appearance of a young woman who steals the show for me. She’s fearless, standing toe to toe with the imposing Darth Vader, misdirects [...]

The post Yes, We’re Geeks! So We Care To Share This With You :-( appeared first on Top Rated Managed Technology IT Service | Eagle Technology Solutions.

]]>
Carrie Fisher has died at the age of 60

While the opening crawl and massive starship is credited with blowing away audiences who see Star Wars for the first time, it’s the appearance of a young woman who steals the show for me. She’s fearless, standing toe to toe with the imposing Darth Vader, misdirects his forces under extreme duress, and helps spell the downfall of the Empire with the destruction of the Death Star. Princess Leia joined the pantheon of incredible heroines in that film, and her portrayal by Carrie Fisher is one of the greatest characters ever put to film.

Last weekend, Carrie Fisher suffered a heart attack while on a flight to LA last night, and was rushed to the UCLA Medical Center shortly after her flight landed. Earlier today, she passed away at the age of 60.

Fisher is the daughter of singer Eddie Fisher and actress Debbie Reynolds and landed her first role in 1975’s Shampoo. It was her next role that brought her to the world stage. According to his biographer, George Lucas found her “a big pushy for a princess,” but found an incredible chemistry between her and her co-star, Harrison Ford.

Fisher brought something new to the table: a heroine who pushed against the standard tropes of science fiction. Upon her rescue from Detention Block AA-23, she grabs a blaster and promptly escapes, her rescuers in tow. Fisher returned for The Empire Strikes Back and Return of the Jedi, and appeared in a number of other films and television shows, such as When Harry Met Sally, Woody Allen’s Hannah and Her Sisters, before later appearing in such shows as Family Guy, Sex and the City, and 30 Rock.

There was more to Carrie Fisher than Princess Leia, however. She was a novelist and memoirist, penning books such as Postcards from the Edge, Wishful Drinking, and The Princess Diarist, for which Fisher just finished touring. The memoir contained the revelation that she and her co-star, Harrison Ford, had an affair during the production of A New Hope. Fisher was also regarded as one of the industry’s best script doctors, helping polish up screenplays, working on productions such as Hook, Lethal Weapon 3, Sister Act, Outbreak, The Wedding Singer, the Star Wars prequel trilogy, and numerous others. In recent years, she has been outspoken about the mental health and substance abuse issues that have plagued her life.

While she has had a rich and varied career, Fisher’s legacy will always be associated with the feisty Princess — and now General — Leia. Even later in her career, she never strayed far from her most famous role, filming cameo appearances in films such as Jay and Silent Bob Strike Back and Fanboys, and reprising her iconic role as Leia Organa in 2015’s The Force Awakens, as well as in next year’s Episode VIII.

While the pantheon of heroines has become crowded since 1977, with the likes of Hermione Granger, Ellen Ripley, Katniss Everdeen, Jyn Erso, and countless others, it’s Carrie Fisher’s Princess Leia that serves as an inspiration for them all.

Leia has always been one of the most interesting characters from the Star Wars franchise. She was a princess that wasn’t content to sit and to be rescued, but often took matters into her own hands, whether it was escaping from the Death Star, attempting to rescue Han Solo from his captors, or helping to take down the First Order. When Fisher appeared on the screen in The Force Awakens, there were cheers. When her likeness appeared at the end of the latest Star Wars film, Rogue One, I felt a lump in my throat, at seeing an old friend once again.

SOURCE:  The Verge

Lynda.com Hacked, Passwords Of 55,000 Users Leaked http://sicoir.com/lynda-com-hacked-passwords-55000-users-leaked/ Mon, 19 Dec 2016 15:18:45 +0000 http://sicoir.com/?p=14396 Short Bytes: Online learning company Lynda is the latest victim of hacking attacks. The company has sent precautious emails to its 9.5 million users. Out of this huge number, the personal information of 55,000 has been hacked. Lynda.com is a well-known online learning company that’s a subsidiary of LinkedIn, which was acquired by software giant Microsoft [...]

The post Lynda.com Hacked, Passwords Of 55,000 Users Leaked appeared first on Top Rated Managed Technology IT Service | Eagle Technology Solutions.

]]>
Short Bytes: Online learning company Lynda is the latest victim of hacking attacks. The company has sent precautionary emails to its 9.5 million users. Out of this huge number, the personal information of 55,000 has been hacked.

Lynda.com is a well-known online learning company that’s a subsidiary of LinkedIn, which was acquired by software giant Microsoft for $26.2 billion.

The company has sent out an email to its users informing them of a database hack that might have leaked personal information such as contact details and courses taken. The email went to about 9.5 million users. Of these, the passwords of fewer than 55,000 users were breached. Lynda has reset their passwords and informed them by email.

The company states that the compromised passwords were cryptographically salted and hashed, and no credit card information was leaked in the hack.

Further, a spokesperson told VentureBeat that there’s no evidence that any of the leaked data has been made publicly available. These emails are being seen as the obvious steps taken to secure Lynda.com accounts.

The email sent to the users said:

Please know that we have no evidence that this data included your password. And while we have no evidence that your specific account was accessed or that any data has been made publicly available, we wanted to notify you as a precautionary measure.

Just in case you’ve got some doubts, feel free to contact Lynda via this link.

SOURCE: Fossbytes

More Than One Billion Yahoo Accounts Stolen In Massive Data Breach http://sicoir.com/one-billion-yahoo-accounts-stolen-massive-data-breach/ Thu, 15 Dec 2016 19:10:23 +0000 http://sicoir.com/?p=14393 Yahoo has had the unfortunate pleasure of disclosing to the public that more than one billion accounts may have been breached as part of the company being victim to latest cyber-attack. The beleaguered company has already had to suffer the humiliation of letting the world know that around 500 million accounts were accessed without permission during [...]

The post More Than One Billion Yahoo Accounts Stolen In Massive Data Breach appeared first on Top Rated Managed Technology IT Service | Eagle Technology Solutions.

]]>
Yahoo has had the unfortunate pleasure of disclosing to the public that more than one billion accounts may have been breached as part of the company being the victim of the latest cyber-attack.

The beleaguered company has already had to suffer the humiliation of letting the world know that around 500 million accounts were accessed without permission during September of 2014. The breach in this latest disclosure occurred a year before that, in August 2013, and Yahoo has also confirmed that it is unable to identify how the attackers gained access to the accounts.

The official statement from Yahoo came after markets closed on Wednesday, and not only highlighted that the attack had occurred, but also went into additional detail on the type of data that may have been taken as part of the hack. The statement claimed that the malicious individuals may have gotten access to names, email addresses, telephone numbers and hashed passwords associated with an account. The company also believes that a number of encrypted and unencrypted security questions may have been obtained.

The hack and the ability to gain unauthorized access to the systems will definitely be of huge concern for anyone with a Yahoo account, but there is some relatively reassuring news in the fact that Yahoo believes that no bank account information or payment data was obtained by the hackers. The company has ensured that all data stolen in unencrypted form has been invalidated, and is therefore of no real use to the hackers.

However, it’s potentially the method of access that could be considered the most concerning. Yahoo believes that attackers may have stolen its secret source code, and therefore didn’t need a password to access accounts:

Separately, we previously disclosed that our outside forensic experts were investigating the creation of forged cookies that could allow an intruder to access users’ accounts without a password. Based on the ongoing investigation, we believe an unauthorized third party accessed our proprietary code to learn how to forge cookies. The outside forensic experts have identified user accounts for which they believe forged cookies were taken or used. We are notifying the affected account holders, and have invalidated the forged cookies.

Yahoo may have invalidated any unencrypted data and the forged cookies, but it’s an announcement that the firm could simply do without, given its current situation and the fact that it has taken more than two years to actually confirm and announce the breach.

If you are a Yahoo account holder, it’s likely you will have an email from the business confirming the breach and next steps. It’s prudent to follow the guidance in that email. In any case, we highly recommend changing your password right now!
