Windows 7 End Of Life is coming soon, are you ready?

Windows 7 and its server counterpart, Windows Server 2008 R2, have had a great run over the years. When these platforms were released in 2009, Microsoft committed to providing 10 years of product support for its shiny new operating system and server platforms. Once this 10-year period ends, Microsoft will discontinue product support for Windows 7 and Server 2008 R2.

The exact date Microsoft has pegged for ending this support cycle is January 14th, 2020. After that date, Microsoft will no longer release technical or security patches for Windows 7 or Windows Server 2008 R2. This means that if a security vulnerability affecting these systems is found, there will be no patch from Microsoft to mitigate it. Microsoft strongly recommends that its users migrate to newer systems, or upgrade existing systems to Windows 10 or Windows Server 2019, before that date, to avoid a situation where you are unable to receive necessary security patches for your outdated systems.

We can help you navigate through the process of updating and upgrading your aging systems to make sure you’re ready for the next phase of your business product life-cycle. Contact us today at (308) 221-1159 or email info@poweroncomp.com to learn how we can help your business!

Every WiFi connection at risk of new “KRACK” WiFi hacking attack

The first new WiFi security vulnerability to be found in 14 years is a real doozy!

The WPA2 encryption protocol, which is widely used to secure WiFi traffic, is at risk from multiple vulnerabilities, collectively known as “KRACK Attacks” (Key Reinstallation AttACKs), that were publicly disclosed on October 16, 2017. Every single WiFi connection currently in use is potentially at risk of being hacked, security researchers disclosed in a recently released research paper. These vulnerabilities affect both WiFi access points and routers and WiFi-enabled devices such as phones, laptops, cameras and any other device connected to and communicating over a WiFi network.

The attacks, which cannot be carried out remotely (the attacker must be within radio range of the network), allow a malicious individual to replace, or reinstall, one of the security keys used to encrypt the communications on a WiFi network with a key of the attacker’s choosing. This allows an attacker to gain access to otherwise encrypted data: they could view your passwords, credit card numbers and photos, and snoop on all traffic sent over the WiFi network. If your home or business uses a single network for wired and wireless communication, as most off-the-shelf routers do, this could include communications to wired devices as well. While the attack is not technically easy to complete against all devices, tools are likely to be made available shortly that will allow less technically savvy people to carry it out.

At this time, the only way to fix this flaw is to patch or replace every WiFi device currently in existence, no small feat. Because publication of these vulnerabilities was withheld until vendors had been notified, fixes are likely already in the works, or already completed, from major device vendors, but this will only help those devices that are still receiving software updates. Older, abandoned devices will likely remain vulnerable to these attacks.

Full details on the attacks, with proof-of-concept demonstrations and further news, are available on the following website:

KRACK Attacks: Breaking WPA2

CCleaner 5.33 hacked to deliver malware

CCleaner 5.33 users take note:

Cisco Talos Intelligence labs has recently become aware of a supply chain attack against CCleaner v5.33. Talos observed that the legitimate download servers used by CCleaner were leveraged to deliver malware to unsuspecting victims. For an unknown period of time, the legitimate, signed version of CCleaner v5.33 being distributed by Avast also included a multi-stage malware payload that rode on top of the CCleaner installation. Given the potential damage that could be caused by a network of infected computers even a tiny fraction of the size of CCleaner’s installed user base, Talos decided to move quickly. On September 13, 2017, Cisco Talos notified Avast of its findings so that Avast could initiate appropriate response measures.

It is believed that attackers gained a foothold inside one or more development or build environments and leveraged that access to insert malware into the CCleaner build that was released between August 15, 2017 and September 12, 2017. If you downloaded CCleaner, or your system updated to the newest build, during this time, it is highly advised that you remove this program from your system and take measures to clean it immediately.

Contact POCC today to ensure your system has not been compromised!

Read the blog post from Cisco Talos to learn more about this discovery:

Massive data breach leaves nearly 1/2 of all Americans vulnerable to identity theft

From the OMG, this is scary department:

Equifax has just announced that a massive data breach in July 2017 has left nearly half of all Americans vulnerable to identity theft. On Thursday, the company disclosed that a data breach it discovered on July 29 may have impacted as many as 143 million consumers in the United States. Equifax is one of the three main organizations in the US that calculate credit scores, so it has access to an extraordinary amount of personal and financial data for virtually every American adult. The company says that hackers accessed data between mid-May and July through a vulnerability in a web application. Attackers got their hands on names, Social Security numbers, birth dates, addresses, some driver’s license numbers, and about 209,000 credit card numbers. 182,000 “dispute documents,” essentially complaint submissions that include personal identifying data, were also compromised in the breach.

Equifax is offering a website – www.equifaxsecurity2017.com – where you can check whether you are one of the 143 million people who may have had their personal information compromised. Equifax is also offering a year of free credit monitoring and identity theft protection on that site, which you can (and should) sign up for if your personal information was compromised in the breach. You might consider paying for additional protection after the first year is over, as it’s likely that attackers may have better luck abusing your leaked data once the free year of identity theft protection has expired.

Read more below

Dozens of online file converter websites may have been compromised

Recently, a security researcher made an alarming discovery: a server hosting several popular file conversion web sites had been hacked. The researcher, who asked not to be named for fear of legal repercussions, recently told ZDNet that the attacker behind the hack had obtained “full root access” to the server and its contents.

The researcher claimed the level of access would allow an attacker to quietly copy any file uploaded to the sites, but said it was “impossible to tell” what the root shells were being used for, or if they were even in active use.

The Paris-based server hosted sites including combinepdf.com, imagetopdf.com, jpg2pdf.com and many others, which allow users to convert files and documents to other formats. While they are hardly the most popular sites in the world, it is estimated, based on various traffic metrics and statistics sites, that thousands of people use them every day.

The researcher found the server to be vulnerable to a year-old set of bugs in the ImageMagick library, a commonly used tool for converting images. The bugs, known collectively as “ImageTragick,” are extremely easy to exploit; in one case, as simple as uploading an image file containing four lines of code to the server. The bugs were so serious that Facebook paid a record bug bounty to a researcher who found that the social network was vulnerable, and Yahoo stopped using the software altogether. Countless servers and websites remain unpatched to this day.

As soon as an exploit file is uploaded to a vulnerable server, the code runs. This opens a bind shell on the server, which listens for commands or code from the attacker. According to the researcher, there were three other bind shells open on this server. Exactly who was using them, or what they were doing, remains unknown.
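The upload check that the ImageTragick advisories recommended, as an added Python example (not code from the article, from ZDNet or from the affected sites): it validates an upload’s magic bytes against the extension it claims before the file ever reaches ImageMagick, and builds an explicit format prefix so ImageMagick does not auto-detect the decoder from the content. The allow-list, size limit and function names are assumptions.

```python
from typing import Tuple

# Allow-list of raster formats the converter accepts, keyed by extension, with the
# magic bytes a file of that type must start with (hypothetical list for this example).
ALLOWED_MAGIC = {
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "gif": (b"GIF87a", b"GIF89a"),
}
MAX_BYTES = 20 * 1024 * 1024  # constructed upload size limit for the example


def validate_upload(filename: str, data: bytes) -> Tuple[bool, str]:
    """Return (ok, detail); detail is the confirmed format on success, else the reason."""
    if not data:
        return False, "empty upload"
    if len(data) > MAX_BYTES:
        return False, "upload too large"
    # Judge by the last dotted component only, so "cat.jpg.mvg" is treated as "mvg".
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if ext not in ALLOWED_MAGIC:
        return False, f"extension {ext!r} not allowed"
    # ImageMagick chooses its decoder from the file CONTENT, not the name: a text
    # MVG or SVG file renamed to .jpg is still parsed as drawing commands. So the
    # bytes must match the format the extension claims, not merely some allowed type.
    if not any(data.startswith(magic) for magic in ALLOWED_MAGIC[ext]):
        return False, f"content does not match {ext} magic bytes"
    return True, "jpg" if ext == "jpeg" else ext


def imagemagick_input(filename: str, data: bytes, stored_path: str) -> str:
    """Validate, then build ImageMagick's explicit 'format:path' input spec.

    Prefixing the confirmed format (e.g. "png:/tmp/x") tells ImageMagick which
    decoder to use instead of sniffing the content, so a renamed text file fails
    to decode rather than being run as drawing commands. stored_path is the
    server-chosen location of the saved upload (assumption).
    """
    ok, detail = validate_upload(filename, data)
    if not ok:
        raise ValueError(detail)
    return f"{detail}:{stored_path}"
```

The complementary server-side fix is ImageMagick’s policy.xml, which can disable the coders the converter never needs; the check above protects the upload path regardless of whether that policy is in place.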

“The impact of this incident is concerning to me,” said the security researcher. “All data going in or out of the server was being tampered with for months on end without the server owner noticing it.”

The full list of affected domains includes:


Read the full article below:

Spotted in the Wild: Fake Facebook messages spreading malicious content

There is a new malware campaign on the rise that has recently been spotted spreading via Facebook private messages. While the idea behind the campaign, using instant messaging to spread links to malware-hosting web pages, is not new, the lengths to which the malware authors have gone to target their victims are not something we typically see in a fly-by-night malware campaign.

The links in the message take you to a Google Docs document page. The document has already taken a picture from the victim’s Facebook page and created a dynamic landing page that looks like a playable movie. When the victim clicks on the fake playable movie, the malware redirects them to a set of websites that enumerate their browser, operating system and other vital information. Depending on their operating system, they are directed to other websites.

It has been a while since I saw these adware campaigns using Facebook, and it’s pretty unique that it also uses Google Docs, with customized landing pages. As far as I can see no actual malware (Trojans, exploits) is being downloaded, but the people behind this are most likely making a lot of money in ads and getting access to a lot of Facebook accounts.

Please make sure that you don’t click on these links, and please update your antivirus!

Read more on this threat below:

Massive Code Breach Worries Security Researchers

A massive trove of Microsoft’s internal Windows operating system builds and chunks of its core source code have leaked online.

The leaked code is Microsoft’s Shared Source Kit: according to people who have seen its contents, it includes the source to the base Windows 10 hardware drivers plus Redmond’s PnP code, its USB and Wi-Fi stacks, its storage drivers, and ARM-specific OneCore kernel code.

Anyone who has this information can scour it for security vulnerabilities, which could be exploited to hack Windows systems worldwide. The code runs at the heart of the operating system, at some of its most trusted levels.

Netizens with access to Beta Archive’s private repo of material can, even now, still get hold of the divulged data completely for free. It is being described by some as a bigger leak than the Windows 2000 source code blab in 2004.

Spokespeople for Microsoft were not available for comment.

Read more below:

Yet another Yahoo security breach

Yahoo announced late yesterday that its servers have been the victim of yet another security breach, this time affecting over one billion (that’s billion, with a B) Yahoo user accounts. Yahoo has not yet been able to identify the intrusion associated with this latest security breach, meaning it does not know who broke in or how they did so.

From their statement:

As Yahoo previously disclosed in November, law enforcement provided the company with data files that a third party claimed was Yahoo user data. The company analyzed this data with the assistance of outside forensic experts and found that it appears to be Yahoo user data. Based on further analysis of this data by the forensic experts, Yahoo believes an unauthorized third party, in August 2013, stole data associated with more than one billion user accounts.

If you or anybody you know uses Yahoo’s services in any way, it is HIGHLY recommended that you take steps now to protect yourself.  Change your password, update security questions, and watch every account you had tied to Yahoo’s email or other services.  If you used your Yahoo account credentials on any other site or used the same username / password combination on other sites, it is STRONGLY recommended that you change the password and security questions for those accounts as well.

Yahoo has created a FAQ page providing more information and steps you can take to protect yourself.

Scammers can trick Microsoft Edge into displaying fake security warnings

Hopefully, by now, many readers will be aware of the scam messages that can pop up on your computer screen telling you that your computer may be at risk and that you should call a special number for “technical support”.

Of course, the scam warnings are not legitimate and the person you are calling is not a real Microsoft support engineer. And yet, many computer users have been fooled into making contact, and have ended up either with an expensive and unnecessary bill or granting hackers access to their PC.

The more convincing their warning appears, the more successful the scams are for the fraudsters.

Now a security researcher has discovered a way that scammers can subvert a mechanism in the Microsoft Edge browser, one built with the intention of protecting users from dangerous websites, to actually help a scam be committed...

Continued below

Scammers never tire – a newly seen type of tech support fraud

There is a new scam you need to watch out for. In the last few years, online service providers like Google, Yahoo and Facebook have started to send emails to their users when there is a possible security risk, like a log-on to your account from an unknown computer.

Bad guys have copied these emails in the past and tried to trick you into logging into a fake website they set up, to steal your username and password. Now, however, they send these fake security emails with a 1-800 number that they claim you need to call immediately.

If you do, two things may happen:

1) You get to talk right away with a real internet criminal, usually with a foreign accent, who tries to scam you. They claim there is a problem with your computer, “fix” it, and ask for your credit card.

2) You get sent to voice mail and kept there until you hang up, but your phone number has been put in a queue and the bad guys will call you back and try the same scam.

Remember, if you get any email that either promises something too good to be true or looks like you need to act to prevent a negative consequence, Think Before You Click, and in this case, before you pick up the phone.

If you decide to call any vendor, go to their website and call the number listed there. Never use a phone number from any email you may have received. Here is a real example of such a call. Don’t fall for it!