Meltdown and Spectre – Bugs in modern computers leak passwords and sensitive data.

Meltdown and Spectre exploit critical vulnerabilities in modern processors. These hardware bugs allow programs to steal data which is currently processed on the computer. While programs are typically not permitted to read data from other programs, a malicious program can exploit Meltdown and Spectre to get hold of secrets stored in the memory of other running programs. This might include your passwords stored in a password manager or browser, your personal photos, emails, instant messages and even business-critical documents.

Meltdown and Spectre work on personal computers, mobile devices, and in the cloud. Depending on the cloud provider’s infrastructure, it might be possible to steal data from other customers.

 


Massive data breach leaves nearly 1/2 of all Americans vulnerable to identity theft

From the OMG, this is scary department:

Equifax has just announced that a massive data breach in July of 2017 has left nearly 1/2 of all Americans vulnerable to identity theft.  On Thursday, the company disclosed that a data breach it discovered on July 29 may have impacted as many as 143 million consumers in the United States. Equifax is one of the three main organizations in the US that calculates credit scores, so it has access to an extraordinary amount of personal and financial data for virtually every American adult. The company says that hackers accessed data between mid-May and July through a vulnerability in a web application. Attackers got their hands on names, Social Security numbers, birth dates, addresses, some driver’s license numbers, and about 209,000 credit card numbers. 182,000 “dispute documents,” essentially complaint submissions that include personal identifying data, were also compromised in the breach.

Equifax is offering a website – www.equifaxsecurity2017.com – where you can check if you are one of the 143 million people who may have had their personal information compromised.  Equifax is also offering a year of free credit monitoring and identity theft protection on that site that you can (and should) sign up for if your personal information has been compromised in the breach.  You might consider paying for additional protection after the first year is over as it’s likely that attackers may have better luck abusing your leaked data once the free year of identity theft protection has expired.


Spotted in the Wild: Fake Facebook messages spreading malicious content

There is a new malware campaign on the rise which has recently been spotted spreading via Facebook private messages.  While the idea behind the campaign is not new, using instant messaging to spread links to malware hosting web pages, the length to which the malware authors have gone to target their victims is not something we typically see in a fly-by-night malware campaign.

The links in the message take you to a Google Docs document page.  The document has already taken a picture from the victim’s Facebook page and created a dynamic landing page which looks like a playable movie. When the victim clicks on the fake playable movie, the malware redirects them to a set of websites which enumerate their browser, operating system and other vital information. Depending on their operating system they are directed to other websites.

It has been a while since I saw these adware campaigns using Facebook, and it's pretty unique that it also uses Google Docs, with customized landing pages. As far as I can see no actual malware (Trojans, exploits) is being downloaded but the people behind this are most likely making a lot of money in ads and getting access to a lot of Facebook accounts.

Please make sure that you don’t click on these links, and please update your antivirus!

 


Celebrate World Backup Day with POCC

World Backup Day is a yearly backup awareness event celebrated on March 31st.

A backup is a second copy of all your important files, for example, your family photos, company documents, emails, etc.  Instead of storing this data all in one place (like your computer), you keep another copy of everything in a safe place.  Here at POCC, we back up our data daily to the cloud. To celebrate this day, we test our backup systems to ensure they are working as expected and that we can restore this data in the event of an issue.

Here are some interesting backup facts:

  • 30% of people have never performed a data backup.
  • 113 phones are lost or stolen every minute.
  • 29% of data disasters are caused by accident.
  • 1 in 10 computers are infected with viruses or malware each month.

Are you prepared when disaster strikes?  Will you be an April Fool?

Contact us to ensure your data is safe!

Take the backup pledge today!

The ever-evolving threat of ransomware continues

Bad guys have found a new way to trick people into infecting their PC with ransomware. This time it looks like a Sprint / Verizon / Charter / etc. (it could claim to be from any phone service really) email that tells you about a voice mail that was left for you, and wants you to play the voice mail.

The email has a .zip attachment that supposedly has the voice mail message in a .wav file. However, if you unzip the file, the ransomware will encrypt all the files on your computer and possibly all files on the network if you have access. You only get your files back if you pay around 500 dollars.

Do not click on links in “voice mail” emails from someone you do not know, and certainly do not open any attachments!

Remember, Think Before You Click!

 

For more information on how to keep yourself or your organization safe, or if you’d like a threat evaluation, contact POCC today.

Mazar Bot malware can root and wipe Android smartphones

Security experts are warning about a new malware attack that targets Android users. Mazar Bot is delivered via SMS, is able to gain root access to devices, installs software including Tor, and can even go as far as completely wiping a victim’s phone.

Mazar Bot was discovered by Heimdal Security, whose researchers analyzed a text message that had been sent to random numbers. The message purports to provide a link to an MMS, but in fact tricks recipients into installing the malicious mms.apk, which is Mazar Android BOT in disguise.


Bitdefender Free AntiVirus for Android

Just when you thought your phone was running great, it gets hit with a nasty virus demanding a ransom to unlock your device.  Protect it today with Bitdefender AntiVirus for Android.  Top rated by PC Magazine 2 years in a row.

Grab the free essentials version here:

www.bitdefender.com/solutions/antivirus-free-for-android.html

Their Mobile Protection suite offers comprehensive protection and tracking for your device:

http://www.bitdefender.com/solutions/mobile-security-android.html

Configure Email Notifications for Windows Server Backup using Gmail TLS

 

If you’ve ever had to configure a server backup using Windows Server Backup (WSB), you may have noticed that WSB lacks a few basic features, such as email notifications for backup completions or failures, forcing you to check the event logs to see whether a backup was successful. What follows is my account of how to create such a notification system with as little fuss as possible. Please note that this solution uses a Gmail account to send email to your configured recipients and was pieced together from multiple sources online. I will add full credits where due at the end of this post.

WSB is a great tool for its price: it’s free, supported by Microsoft out of the box, and works surprisingly well to back up a single server to external USB drives or to an iSCSI mounted network file share.

We utilize an iSCSI share on a FreeNAS backup server to back up all our Windows Servers.  The backup server is then backed up weekly to USB drives and rotated offsite.

WSB is included in Windows Server versions 2008 through 2012 R2 and will be included in Server 2016 when released. One (currently) missing feature of WSB is the ability to email notifications out to inform users of success or failure. If you’ve used proprietary backup solutions before, you’ve likely utilized this feature.

This is an important feature to have for any backup system as knowing if your backups completed or not can save countless hours when disaster strikes.

Let’s fix this using the Windows Task Scheduler, a free program called sendEmail and a few basic batch scripts to tie it all together.


 

First off, you’ll want to create your backup schedule using WSB.  Configuring this is simple using the following step by step guide but is beyond the scope of this article.  Once your backup schedule is created, you can continue with this guide.

Every time Windows Server Backup starts and completes it generates an event in the Windows Event Viewer. The Task Scheduler can detect when specific Event IDs are generated and this leverages that capability.

Next, you will need to download the sendEmail program from http://caspian.dotconf.net/menu/Software/SendEmail.  Once downloaded, extract it to your system.  I chose to extract it to C:\sendEmail\ and this guide will follow as such.

Next, you will need to create 2 batch scripts: backup-failure.bat and backup-success.bat.  A better programmer might make this a single script and provide an argument for success or failure, but for simplicity’s sake, and as I’m not a great programmer, I chose this method.

NOTE: Modify the following scripts to suit your needs replacing relevant info to fit your environment.  Specifically, you will need to modify the following operational switches:

  • -f (the from address) gmail.user@gmail.com
  • -t (the to address) someone@domain.com
  • -cc (address to carbon copy the message to) someone@some.other.domain.com
  • -xu (gmail username) gmail.user@gmail.com
  • -xp (your gmail password) your.gmail.password

Additionally, you will want to modify the subject and body fields to include your specific domain and servername info.

  • -u (the subject field) DOMAIN\SERVERNAME
  • -m (the body field) DOMAIN\SERVERNAME

Here is backup-success.bat

c:\sendEmail\sendEmail.exe -o tls=yes -f gmail.user@gmail.com -t someone@domain.com -cc someone@some.other.domain.com -s smtp.gmail.com:587 -xu gmail.user@gmail.com -xp your.gmail.password -u "Backup on DOMAIN\SERVERNAME Completed Successfully" -m "The backup on DOMAIN\SERVERNAME completed with an EventID 4 which indicates a successful completion. Please continue backup drive rotation.  Have a nice day!"

Here is backup-failure.bat

c:\sendEmail\sendEmail.exe -o tls=yes -f gmail.user@gmail.com -t someone@domain.com -cc someone@some.other.domain.com -s smtp.gmail.com:587 -xu gmail.user@gmail.com -xp your.gmail.password -u "Backup on DOMAIN\SERVERNAME has failed" -m "The backup on DOMAIN\SERVERNAME did not complete successfully.  Please see event logs on DOMAIN\SERVERNAME for further details."

You can test each script by launching a command prompt, navigating to the C:\sendEmail\ directory and launching each script manually.

Documentation, support and command line options for sendEmail are available on the software’s website.  I have linked the most common command line options below:

sendEmail-v1.56

Save these files in a location from which they can be executed.  In this example, I will be storing them inside the C:\sendEmail\ folder.


 

Next, you will need to open the Task Scheduler. Click on Create Task… in the right column.  On the General tab, give the task a descriptive name such as Successful Backup and also a Description. Select Run whether user is logged on or not.

Under the Triggers tab, click to create a new trigger. Begin the task On an event. Under Settings, use Log: Microsoft-Windows-Backup/Operational – Source: Backup – Event ID: 4. At the bottom, check that it is Enabled and set it to stop the task if it runs longer than 30 minutes.

Under the Actions tab, click New and select the Action Start a Program. The program can be a batch file, and for the argument type -Command "C:\sendEmail\backup-success.bat"

Click OK to save this task.

You will repeat this and create a new task for the case in which the backup fails. There are multiple Event IDs that can be generated for a failure, so you will need to enter all of them on the Triggers tab. Also make sure to set the action to point to the backup-failure.bat script, similar to your Success task.  Create the triggers the same way, using Log: Microsoft-Windows-Backup/Operational – Source: Backup.  For the Event ID you need to use 5, 7, 8, 9, 17, 22, 49, 50, 52, 100, 517, 518, 521, 527, 544, 545, 546, 561, 564 and 612.

If you have to do this on multiple servers, you can export and import the tasks so you don’t have to repeat this process for each server.

Finally, run a test backup job.  Once it completes, you should see your email notifications upon success or failure.
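
The two tasks described above can also be created from a script, which helps when repeating the setup on several servers. This is an added example, not part of the original article: running the tasks as SYSTEM and the folder permission step (the batch files hold the Gmail password in clear text) are assumptions of the example, while the log name, Event IDs and file paths are the ones used in this guide.

```powershell
# Added example, not from the original article. Run from an elevated prompt.
$channel   = 'Microsoft-Windows-Backup/Operational'   # log named in the guide
$scriptDir = 'C:\sendEmail'                            # folder used in the guide

# Event IDs exactly as listed in the guide.
$successIds = @(4)
$failureIds = @(5, 7, 8, 9, 17, 22, 49, 50, 52, 100, 517, 518, 521, 527,
                544, 545, 546, 561, 564, 612)

function New-EventIdQuery {
    param([int[]]$Ids)
    # Build one XPath filter so a single trigger covers every listed ID.
    $terms = $Ids | ForEach-Object { "EventID=$_" }
    '*[System[(' + ($terms -join ' or ') + ')]]'
}

function Register-BackupMailTask {
    param([string]$TaskName, [int[]]$Ids, [string]$BatchFile)
    $query  = New-EventIdQuery -Ids $Ids
    $action = Join-Path $scriptDir $BatchFile
    if (-not (Test-Path $action)) { throw "Missing script: $action" }
    # /SC ONEVENT with /EC (channel) and /MO (XPath) creates the
    # "On an event" trigger. /RU SYSTEM is this example's choice: the task
    # runs whether or not a user is logged on and stores no account password.
    # The 30-minute stop limit from the guide is not set by this command.
    & schtasks.exe /Create /F /TN $TaskName /TR $action `
        /SC ONEVENT /EC $channel /MO $query /RU SYSTEM
    if ($LASTEXITCODE -ne 0) {
        throw "schtasks failed for '$TaskName' (exit code $LASTEXITCODE)"
    }
}

# The batch files contain the Gmail password in clear text, so limit the
# folder to SYSTEM and local Administrators before registering the tasks.
& icacls.exe $scriptDir /grant:r 'SYSTEM:(OI)(CI)F' 'Administrators:(OI)(CI)F' | Out-Null
& icacls.exe $scriptDir /inheritance:r | Out-Null

Register-BackupMailTask -TaskName 'Successful Backup' -Ids $successIds `
    -BatchFile 'backup-success.bat'
Register-BackupMailTask -TaskName 'Failed Backup' -Ids $failureIds `
    -BatchFile 'backup-failure.bat'
```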

 

Sources:

 

Windows Server Backup – https://technet.microsoft.com/en-us/library/cc770266(v=ws.10).aspx

sendEmail – http://caspian.dotconf.net/menu/Software/SendEmail/

Source Article – http://www.triatechnology.com/email-notifications-with-windows-server-backup/

 

 

 

Malware: now on your TV!

A Reddit user with the username “moeburn” raised the prospect of new malware circulating for Smart TVs this week:

My sister got a virus on her TV. A VIRUS ON HER G**D**N TV.


It was an LG Smart TV with a built-in web browser, and she managed to get a DNS Hijacker that would say “Your computer is infected please send us money to fix it” any time she tried to do anything on the TV.