image
Patrick Domingues
Data Breach

Facebook Exposed 267M Users Phone Numbers

Researchers have found a database which exposes the names, phone numbers and Facebook user IDs of 267M of the Facebook users. This database was left unsecured on the web for nearly two weeks before it was removed.

The Data Exposed

In total 267,140,436 records were exposed. Most of the affected users were from the United States. Diachenko says all of them seem to be valid. Each contained:

  • A unique Facebook ID
  • A phone number
  • A full name
  • A timestamp

“A database this big is likely to be used for phishing and spam, particularly via SMS,” according to the Thursday report. “Facebook users should be on the lookout for suspicious text messages. Even if the sender knows your name or some basic information about you, be skeptical of any unsolicited messages.”

Facebook users can make some changes in their profiles from being scraped by strangers by adjusting their account privacy settings:

  1. Open Facebook and go to **Settings**
  2. Click **Privacy**
  3. Set all relevant fields to **Friends** or **Only me**
  4. Set **”Do you want search engines outside of Facebook to link to your profile** to **No**

This will reduce the chances of your profile being scraped by third parties, but the only way to ensure it never happens again is to completely deactivate or delete your Facebook account.

Leave a Reply

g

Organizations need to elevate their security posture at the workplace and put in place a cyber security policy to better protect their data and their client’s data. Most company’s these days have a database containing confidential information such as:

  • Private financial data of company assets.
  • Personal details of customers, executives, employees, vendors and partners of the firm.
  • Unfinished or ongoing projects, new software developments and patents of primal importance that are exclusive to the company.
  • Confidential information about existing or potential clients of the company.

Cyber Security is absolutely a requirement these days and should no longer be over looked. All company’s should at least follow simple cyber security practices and employees should be aware of cyber security threats by providing them cyber security awareness training

It is best to have a workplace security policy in place because your aren’t just protecting your employees’ but also the personal credentials of the clients and partners you do business with. A proper cyber security posture allows you to boast that your better to do business and this will gain the confidence of potential clients, and make them confide in your services so that they can decisively disclose their personal information to you. 

International survey’s were gathered on global cyber security, which provided some alarming facts on data breaches. Here is the list of cyber risks indicating the importance of having an efficient workplace security policy:

  • Government, retail and technological industries are subjected to 95% of all data breaches worldwide.
  • According to the survey, one cyber attack in every 39 seconds on an average affects 1 out of 3 employees.
  • Small businesses are most susceptible to cyber attacks in which 64% attacks are internet-based, 62% are phishing scams and attacks via social engineering. 
  • 93% of healthcare industries are subjected to recurring episodes of data breaching by cyber criminals.
  • 95% of all breaches in security takes place due to blunders made by employees in the workplace.
  • More than 77% of the firms do not have a cyber attack incident response program at their disposal in case of an attack.
  • On average, without an effective workplace security policy, it can take up to 6 months for a company to detect a data breach.

As you can see there is no shortage of scenarios of what can go wrong. Cyber criminals are always innovative and trying to trick employees and if you would like some assistance in starting up a cyber security policy feel free to contact me. 

 

Healthcare has become a top priority due to the pandemic and with so many wheels turning to keep up with demands several things fall through the cracks and one of them being cyber security.

Healthcare cyber attack breaches and leaks not only hurt the institutions financially but also hurt its patients for the rest of their lives. Therefore, everyone needs to do their part and take the necessary precautions and try to keep ahead of threats. Here are some simple cyber security measures you can take.

Vulnerability Management

Hackers love to find exploits and unpatched vulnerabilities in the IT infrastructure they are attacking so they can ensure the success of their attempt. You will need to make sure that all the security patches and device firmware are updated regularly. Overlooking even a small vulnerability in your healthcare’s IT security can have severe ramifications. Conducting periodic Vulnerability Assessment and Penetration Testing can significantly assist you in keeping your IT infrastructure free from any weaknesses and minimizing the risk of cyber attack breach.

 

Cyber Security Awareness

This day in age we cannot forgo educating staff about cyber security risks. If every individual is vigilant enough, it will be difficult for the hackers to find an opening for an attack. Healthcare Organizations can use innovative and cost effective cyber security awareness tools to train and test employees in the art of avoiding cyber attacks.

 

Multi-Factor Authentication (MFA)

The Implementation of MFA on all your endpoints across the network is an effective way to get rid of some of the most disastrous vulnerabilities. Microsoft stated in a report that enabling MFA can block over 99.9% of all automated account compromise attacks. With billions of stolen credentials for sale, it has become extremely important to adopt MFA as a basic security protocol. This applies not just to the healthcare industry but everywhere.

 

Backup And Disaster Recovery

The best way to minimize the damage caused by a cyber attack where hackers pushed ransomware is to have properly deployed backups, in the cloud and offline storage. If you are unable to prevent a cyber attack from hitting its mark, it is essential to have a plan. The next best course of action is to ensure that you have a reliable backup and restoration option.

 

Cyber security for Healthcare organizations do not just end here however it is definitely a start. Healthcare organizations need to abide by HIPAA Standards and you can use this document HIPAA compliance checklist to see what you have missed.

Everyone Hates Ransomware Attacks and we should learn their strategy. Ransomware is a type of malware that is installed onto computers through malicious emails. The ransomware encrypts the computers data and then requires the victims to purchase a decryption key. Once the data is encrypted the hackers will demand a ransom, which can set you back a few hundred dollars to a few thousand which are payable in Bitcoin.

There are a number of attack vectors through which ransomware can gain unauthorized access into computer systems. One of the most common ways used to access computers is via phishing emails and email attachments. Hackers make these emails look really legitimate and trick the users to open them. Once these emails are opened and attachments are downloaded, the attackers take over the victims’ computers. 

Hackers can also access your network through Remote Desktop (RDP) that are open directly to the public. They can phish you or find your credentials online and log into the network. using your credentials and push ransomware using a script. 

 

Five Actions To Prevent Ransomware Attacks

By following these essential preventive measures you can protect yourself from ransomware attacks. All you need to do is to be careful about what your clicking about on your computer. Here are a few steps cyber security best steps to follow to stay protected. 

  1. Avoid clicking random links: Never click on suspicious or random links, attached in unsolicited emails. 
  2. Backup Your Data: Create a separate data backup in an external hard drive that is not connected to your computer, so that you don’t have to pay the ransom if a ransomware attack happens.
  3. Cloud Backup: Create cloud backup just in case any local backups succumb to hardware failure.
  4. Don’t disclose your personal information: Never disclose your personal information to people from a random call, text, or email asking you for personal details like banking information or any account information. Always verify the incoming source of those contacts as hackers steal personal data first to misuse it for malicious campaigns or financial frauds.
  5. Use spam filtering software: It is advisable to use spam filtering software on your mail server to prevent a ransomware attack. The software should help in reducing the likelihood of a malicious email from reaching your inbox.
  6. New Age Antivirus Software: Find a vendor the provides a total endpoint solution that can stop a ransomware execution.
  7. Security awareness training for employees: Your company should always want to secure confidential data from all types of cyber attacks. Therefore, it is important to conduct a cyber security awareness program. This will allow employees to grain detailed knowledge of attack vectors and how to reduce the chances of ransomware attacks. 

In these steps below I will be guiding you through setting up VMware vMotion using vSphere 6.7.

  1. Log into your vSphere 6.7 portal
  2. In my case I want to have my esxi2 server to have the ability use vMotion.
  3. Proceed with Clicking the Configure Tab
  4. On the left hand side scroll down and location “Networking” , Click on VMKernel adapters.
  5. Proceed with clicking on the Add Networking button.
  6. You are now prompted with the Add Networking Wizard. In step 1 of this wizard. You will Keep VMkernel Network Adapter Selected, then click Next.
  7. Step 2 in the wizard we will be selecting New Standard Switch and then proceed with clicking Next.
  8. In Step 3 of the wizard, best practice is to use a dedicated Unused adapter. If you do not have one proceed with Active adapters and click Next and Accept the warning.
  9. Step 4 of the wizard use a Network Label by calling this adapter vMotion apply a vlan if you have one. Select vMotion check box and click Next.

  10. On Step 5 of this wizard, use a unused static IP address outside of the DHCP scope that matches your subnet so it does not conflict with anything on the network. Then proceed with clicking Next.
  11. In steps 6 of the wizard just click the FINISH button and you are complete.

Dont forget you will have to go through the same steps on the esxi server you want to transfer your Virtual Machines to. Happy vMotioning!

New Malware has been discovered being pushed through WhatsApp messages and once infected it will push to other contacts in order to expand what appears to be an adware campaign.

ESET researcher Lukas Stefanko said “This malware spreads via victim’s WhatsApp by automatically replying to any received WhatsApp message notification with a link to [a] malicious Huawei Mobile app” .

The malware will introduce itself as a Huawei Mobile app, upon clicking the link it will redirect users to a lookalike Google Play Store and luring you to install the malware app. You will be prompted to grant it notification access, which is then abused to carry out the malware attack.

Please be vigilant and always consider that the messages people send you with links may lead you to malware, especially if it something random and out of character from one of your contacts. 

Have you asked yourself, are you doing enough to protect your business from phishing attacks? if your second guessing yourself you are most likely have been or going to be a victim of a phishing attack. Read these shocking phishing facts you may or may not know–and how these facts may apply to your own vulnerability against a phishing attack.

 

 

Interesting Phishing Facts

Phishing Fact Source
33% of breaches included social attacks Verizon Data Breach Investigations Report (DBIR) 2019
65% of attacker groups used spear phishing as the primary infection vector Symantec Internet Security Threat Report (ISTR) 2019
29% of breaches involved use of stolen credentials Verizon Data Breach Investigations Report (DBIR) 2019
48% of malicious email attachments are Office files Symantec Internet Security Threat Report (ISTR) 2019
94% of malware was delivered via email Verizon Data Breach Investigations Report (DBIR) 2019
32% of breaches involve phishing Verizon Data Breach Investigations Report (DBIR) 2019
64% of organizations have experienced a phishing attack in the past year Check Point Research Security Report 2018
22% of organizations see phishing as their greatest security threat EY Global Information Security Survey 2018
77% of IT professionals feel their security teams are unprepared for today’s cybersecurity challenges Check Point Research Security Report 2018
34% of organizations see careless or unaware employees as a vulnerability EY Global Information Security Survey 2018
59% of phishing attacks in the Americas relate to finance NTT Security Global Threat Intelligence Report  2018
85% of organizations say their security reporting does not meet their expectations EY Global Information Security Survey 2018
59% of companies consider ransomware to be their biggest threat Check Point Research Security Report 2018
70% of breaches associated with a nation-state or state-affiliated actors involved phishing Verizon Data Breach Investigations Report (DBIR) 2018
71.4% of targeted attacks involved the use of spear-phishing emails Symantec Internet Security Threat Report 2018
66% of malware is installed via malicious email attachments Verizon Data Breach Investigations Report (DBIR) 2017
49% of non-point-of-sale malware was installed via malicious email Verizon Data Breach Investigations Report (DBIR) 2018
43% of all breaches included social tactics Verizon Data Breach Investigations Report (DBIR) 2017
93% of social attacks were phishing related Verizon Data Breach Investigations Report (DBIR) 2017
64% of organizations have experienced a phishing attack in the past year Check Point Research Security Report – 2018
28% of phishing attacks are targeted Verizon Data Breach Investigations Report (DBIR) 2017
21% of ransomware involved social actions, such as phishing Verizon Data Breach Investigations Report (DBIR) 2017
Finance faced 59% of phishing attacks in the Americas. NTT Security – Global Threat Intelligence Report  2018
74% of cyber-espionage actions within the public sector involved phishing Verizon Data Breach Investigations Report (DBIR) 2018
82% of manufacturers have experienced a phishing attack in the past year Check Point Research Security Report  2018

 

Did you know that 81% of Data Breaches happen due to poor password practices and one of are due to human errors like password sharing which can lead to massive data breaches.

I’m sure your open minded just like me and when you read these statics it will provide the criticality of password security in today’s date:

  • Did you know that 81% of the data breaches have been reported because of poor password security.
  • Fun fact, by the end of 2020, password usage across the globe will grow by 300 billion. 
  • Just about 25% of employees use the same password for all their login credentials.
  • About 61% of companies have accounts with non-expiring user passwords.
  • Around 54% of the small and medium-sized businesses don’t check up on their employee password practices.


Do Not Share Your Work Password.

How would you feel giving your personal password to someone? You wouldn’t do it right? What you have is private. Well it’s the same thing with a company password. Their data is important and private which you have to protect. Here’s the other aspect of it… You plain and simple, just can’t trust people to keep it secure. If your organization lacks cyber security awareness training should make it even more of a red flag to not share your password. You must keep an open mind and realize that the person you shared your password with could do something malicious with your email or even use your account to bring down the company to get you fired. The purpose of using a password is to safeguard data or sensitive information from unauthorized access. Can you imagine if your one of those companies that use the same account and password for all the computers, what can actually happen when a hacker gets in? You just gave them the keys to the kingdom without even a fight. Management also needs to get onboard and create a positive culture around security, trust me it will benefit everyone. 

 

What can we do?

  1. Single sign-on (SSO)

    Each User have their own SSO. SSO is an authentication scheme that allows users to use a single ID and password to access multiple corporate software and applications. An employee can use one password to access dozens of enterprise login accounts at the same time.

  2. Cyber Security Awareness Training

    Every organization must provide security awareness training to its employees in order to understand the basic cybersecurity practices and how they must be followed in their day to day life.

What is this Digital Weapon?

This type of weapon is called Malicious Software or for short Malware. This type of software is designed intentionally to hurt and infect your network and computers and their are many type in the wild.

Types of Digital Weapon Threats

There are many types of malware however the weapons mostly used today are not directly installed on your device but instead hackers use loopholes that they exploit to launch scripts.

What is Malware?

What are the types of digital weapon payloads?   

  • Social Engineering: 

When an attacker manipulates the user to extract sensitive information for personal gains, it is known as social engineering. Sometimes the malicious links or malicious files are sent to the victim during social engineering. As soon as the victim clicks on the malicious link or downloads the malicious file, the malware gets installed in the victim’s device.

  • Email: 

The attacker sends lucrative emails that tempt the user to click on the link provided in the email. As soon as the link is clicked, the malware gets downloaded itself in the background and infects the user’s PC.

  • Website cookies: 

Malware tampers web cookies. Thus, when you open a genuine site, this malicious cookie triggers and redirects you to the malicious sites. Thus, these sites may extract information or can download the malware into your system.

  • Planted Removable Medias: 

Sometimes the attacker intentionally plants the removable media with malware loaded in it to tempt the victim to check its data. As soon as you will plug it in your system, the malware will be automatically installed and will end up infecting your device.

What are the types of Malware?

As you discovered previously the malware is categorized and named based on the way these hackers infect the systems. Which more details can be found below: 

  • Worm: 

Worms exploit your operating system. These types of malicious software use your network bandwidth, steal your data, and send it to the attacker. It has the property to self-replicate and thus, it copies itself through the network.

  • Trojan Horse: 

Trojan Horse is that comes attached to a normal file. Trojan malware disguises itself in the necessary files and then sends the data of your device to the attacker.

  • Spyware: 

This extracts important credentials of data from a user’s device and sends it to the attacker. This kind of malware exploits the vulnerabilities in the software.

  •  Ransomware: 

This is a kind of malicious software that infects the victim’s device by encrypting its data. The data can only be decrypted with a key that is provided by the attackers once you pay the ransom amount to them. Thus, it is advisable to keep backup of your data.

  • Adware: 

Adware is a kind of malicious software that is injected into the victim’s device using the advertisement pop-ups of needful software. Pop-ups of urgent requirements of antivirus, malware remover, etc. are embedded with the malicious link. As soon as the victim clicks on the link, the malicious file is downloaded in his/her system and infects the device.

  •  Virus:

This is a kind of malicious software that steals information and credentials of the user. The virus is also sometimes used to make the victim a bot. It can self-replicate itself but it cannot be transferred to the other device without human intervention. It can be attached to a document, mail attachments, scripts, etc.

7 Prevention Tips

  1. Never click on random links as they may end up infecting your system.
  2. Do not click on any link unless provided by the trusted source. 
  3. Always keep your computers patched up with latest updates. 
  4. Change your passwords and check your passwords.
  5. Do not open emails and attachments from unknown senders. 
  6. Do not plug in random USBs drives found laying around form public places.
  7. Take Cyber Security Awareness Training.

Below you will be provided details on how to resolve the access denied to the CD/DVD RW drive. This should also resolve users not being able to access blank DVD’s or CD’s to burn them.

Just follow the instructions to permit the fix CD/DVD access denied issue in Windows:

1. Go to Start >> Run >> type ‘regedit‘ and hit enter.

2. Navigate to Hkey_local_machine\SYSTEM\CurrentControlSet\Control\Class{4D36E965-E325-11CE-BFC1-08002BE10318}

3. Right clicked, then on right panel click new, then create two new key D-word.
Then rename it to Properties. In Properties create two new dwords

  • a. Name: DeviceType
    Type: reg_dword
    Hex Value: 00000002

  • b. Name: DeviceCharacteristics
    Type: reg_dword
    Hex Value: 00000100


4. Most important: uninstall the driver of cd/dvd from Device manager.

5. Restart. Scan for New Hardware.

6. Problem Solved.


At some point you may run into an issue “The trust relationship between this workstation and the primary domain failed” and here are a few steps to rejoin domain using CMD.

  1. Have the ability to log in with a local Administrator account, For EX: by typing, “.\Administrator” in the login window. If you’re creative and resourceful you can hack your way in without the password.


  2. Now you need to make sure that netdom.exe is working. Netdom.exe depends on what version of Windows you’re running. With Windows Server 2008 and Windows Server 2008 R2 netdom.exe needs to be enabled in the Active Directory Domain Services role. On Windows Vista and Windows 7 you will have to get it from Remote Server Administration Tools (RSAT). Google can help you get them. For other platforms see this link: http://technet.microsoft.com/en-us/library/ee649281(WS.10).aspx


  3. Oce step 1 and 2 are done we can run netdom.exe to change the password. Open “CMD” command prompt as administrator and type the following command: netdom.exe resetpwd /s:<server> /ud:<user> /pd:*
netdom.exe resetpwd /s:<server> /ud:<user> /pd:<PW>

<server> = The domain controller hostname, you may have to use full FQDN.

<user> = This would be the DOMAIN\DomainAdmin Account to join domain.
  
<PW> = Would be the DomainAdmin password.

4. Once you get a successful message Reboot the machine.

NOTE: If you are getting an error message that you cannot find domain or server make sure discovery is turned on. You can also edit your hosts file with the ip and host name of the DC.

Recent Posts

Recent Comments

Archives

Categories

Meta