image
Patrick Domingues
Data Breach

Facebook Exposed 267M Users Phone Numbers

Researchers have found a database which exposes the names, phone numbers and Facebook user IDs of 267M of the Facebook users. This database was left unsecured on the web for nearly two weeks before it was removed.

The Data Exposed

In total 267,140,436 records were exposed. Most of the affected users were from the United States. Diachenko says all of them seem to be valid. Each contained:

  • A unique Facebook ID
  • A phone number
  • A full name
  • A timestamp

“A database this big is likely to be used for phishing and spam, particularly via SMS,” according to the Thursday report. “Facebook users should be on the lookout for suspicious text messages. Even if the sender knows your name or some basic information about you, be skeptical of any unsolicited messages.”

Facebook users can make some changes in their profiles from being scraped by strangers by adjusting their account privacy settings:

  1. Open Facebook and go to **Settings**
  2. Click **Privacy**
  3. Set all relevant fields to **Friends** or **Only me**
  4. Set **”Do you want search engines outside of Facebook to link to your profile** to **No**

This will reduce the chances of your profile being scraped by third parties, but the only way to ensure it never happens again is to completely deactivate or delete your Facebook account.

Leave a Reply

g

If your using Windows Server 2008 or older on your network it makes you none HIPAA Compliant and should be ashamed for putting your clients and patient information at risk.

What Windows Server 2008 “END OF LIFE” and HIPAA mean for you?

What you need to worry about is that Windows Server 2008 will no longer receive windows security updates for vulnerabilities and this in itself is a breach in HIPAA compliance. This also means that Microsoft will no longer offer technical support for any issues, software updates, and security updates or fixes.

One of the main reasons why Your Not HIPAA Compliant Using Windows Server 2008 is because of the lack of security updates and fixes. This puts all information stored on Windows Server 2008, including confidential client information, will be at risk. Hackers and external security threats will know about this stop date, and as such will find it easier to push through established security protocols and infiltrate your private security network.

WHAT TO DO TO UPDATE YOUR WINDOWS Server 2008

The best course of action as a medical service provider running Windows Server 2008 is to contact either your current IT provider or to contact yours truly Patrick Domingues for guidance on what to do next. It is best to contact someone sooner rather than later because not only you are subjecting your patient information to vulnerabilities, Your Not HIPAA Compliant Using Windows Server 2008 and could be liable in paying willful neglect HIPAA Fines

If your using Windows 7 or older on your network you are not HIPAA Compliant and should be ashamed for putting your clients and patient information at risk.

What WINDOWS 7 “END OF LIFE” and HIPAA mean for you?

What you need to worry about is that Windows 7 will no longer receive windows security updates for vulnerabilities and this in itself is a breach in HIPAA compliance. This also means that Microsoft will no longer offer technical support for any issues, software updates, and security updates or fixes.

One of the main reasons why Your Not HIPAA Compliant Using Windows 7 is because of the lack of security updates and fixes. This puts all information stored on Windows 7, including confidential client information, will be at risk. Hackers and external security threats will know about this stop date, and as such will find it easier to push through established security protocols and infiltrate your private security network.

WHAT TO DO TO UPDATE YOUR WINDOWS 7

The best course of action as a medical service provider running Windows 7 is to contact either your current IT provider or to contact yours truly Patrick Domingues for guidance on what to do next. It is best to contact someone sooner rather than later because not only you are subjecting your patient information to vulnerabilities, Your Not HIPAA Compliant Using Windows 7 and could be liable in paying willful neglect HIPAA Fines

Mozilla the makers of Firefox has issued a zero-day security update for Firefox and Firefox Extended Support Release, which were found to contain an actively exploited flaw in the IonMonkey JIT compiler.

What is known

“Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion,” they stated in the official advisory posted by Mozilla, citing the two elements as StoreElementHole and FallibleStoreElmenet. “We are aware of targeted attacks in the wild abusing this flaw.”

Announced January 8, 2020
Impact: critical
Products: Firefox, Firefox ESRFixed in

  • Firefox 72.0.1
  • Firefox ESR 68.4.1

 

Designated CVE-2019-17026, the zero-day bug was reported by researchers at Qihoo 360 ATA. The problem has been fixed with the latest release of Firefox 72.0.1 and Firefox ESR 68.4.1

No other details have been provided by firefox. Click here to Download Latest Firefox Software to patch the zero-day flaw.

Zynga.com, maker of Words with Friends suffered a data breach in December that included 228m records and that data has recently surfaced on the Dark Web.

In the past you may have signed up for Words with Friends and other zynga.com created games and provided the information to a service that is in some way associated with zynga.com. It may be difficult for you to remember, or you simply may not know other services are associated with zynga.com. What is important to know is that information belonging to all these users are now being shared improperly on the dark web.

Even though you may have stopped using zynga.com (games Words with Friends and Draw Something), or perhaps deactivated the account, or maybe unsubscribed, the information could still be available in their systems.

Exposed Information

  • Email
  • Username
  • Password
  • Facebook Username/ID

What can you do next?

Being proactive with best practices and next steps such as the following can help:

  • Change the password associated with the affected website or any other site that uses that password.
  • If you don’t remember your password, perform a password reset on the site.

Hackers are exploiting existing vulnerabilities in Pulse Secure VPN and Android Phones. The flaw tracked as CVE-2019-1150, has been rated ‘Highly’ critical. This arbitrary read file vulnerability affects multiple versions of Pulse Connect Secure and Pulse Policy Secure. This flaw allows remote attackers to connect via HTTPS to an enterprise network without the requirement of any valid username or password.

Attackers can use the flaw to view logs and files, turn-off multifactor authentication, download arbitrary files and execute malicious code on enterprise networks.

Good News is Pulse Secure has released a security update to address the issue and users are urged to apply the patches immediately to mitigate such attacks.

Did you know that your Netflix Membership has expired on Dec 31st 2019? Hackers are using these types of Phishing emails to try and gain access to your account to obtain private information and maybe watch some NETFLIX on your dime.

Some common tip-offs that an email is phony are typos, grammatical mistakes, awkward language, missing words, extra spaces, and other signs that the email was written unprofessionally. Such emails might also ask you to look at an attachment or click a link and then give your personal information on a Web page or in a form. Or the sender’s email address might look suspicious. If you hover over the links you can even see that it would not direct you to legit URL. Here Are A Few Email TIPS 

WordPress has pushed out version 5.3.1 patching four security issues.

WordPress versions 5.3 and earlier contain a few vulnerabilities and the WordPress is recommending users that utilize WordPress to download the the latest version. This is a short-cycle maintenance release and soon will be superseded by a full update when version 5.4 is released.

WordPress did not make note of any CVEs, but they did say in a PUBLIC MESSAGE that the vulnerabilities included contained an issue where a unprivileged user could make a post sticky via the REST API; an problem where cross-site scripting (XSS) could be stored in well-crafted links; a stored XSS vulnerability using block editor content and the fix also hardens wp_kses_bad_protocol() to ensure that it is aware of the named colon attribute.

These are a few steps on how to Update Firmware On Dell N2024 Switches

  1. Before making any configurations, we will want to make sure that the switches have latest firmware.
  2. Grab the Switch Service Tag and go to the dell website and download the latest firmware.
  3. Since the creation of this article the latest firmware for my Dell N2024 is N2100v6.6.0.13.A03
  4. We will need a USB Thumb Drive and extract the firmware N2000Stdv6.6.0.13.stk and place it into the root of the USB Drive.
  5. We will be updating the switches individually plug in your usb drive to the front of the switch.
  6. Plug in your console cable from the switch to your computer.
  7. Plug in the power cable just to the one switch and it should start booting up
  8. Use Putty to get connected to COM3 through whatever COM number.
  9. Once you see the following we are ready to throw some commands at it.


  10. Type the following commands to view current firmware.

    • console> EN
    • console# Show Version

In my case I already have the version updated to the latest. If your Active and Backup version differs from your latest downloaded version we will continue updating the firmware.

  1. Use the following commands to make sure the USB thumb drive is active
    • Console# Show usb device

               If your drive is active your ready to go to the next step. If you do not see a Active USB drive use a different thumb drive.

 

  1. We will now run the commands to copy the firmware to both backup and active
    • console> enable
    • console# Copy usb:// 6.0.13.stk active
  2. You will be prompted to accept the transfer which you type in the letter y



  3. Now update the backup firmware to the latest.
    • console> enable
    • console# Copy usb:// 6.0.13.stk backup
  4. You will be prompted to accept the transfer which you type in the letter y
  5. Once all the transfers are done type the command: show version


  6. Type in the command reload to restart the switch and you should be ready with the new firmware.
  7. Now move forward and perform the same actions on the 2nd

To restore the Dell N2024 or N2048 switch to factory defaults you can follow the below procedure:

  1. Manually reboot your switch
  2. While the switch is booting up keep an eye on the bootup screen and find “Dell Networking Boot Options” and select option #2 (Display Boot Menu) within 3 seconds.
  3. On Boot Main Menu, enter choice # 10 for enable password removal.

Dell Networking Boot Options

Select a menu option within 3 seconds or the Operational Code will start automatically…

1 – Start Operational Code

2 – Display Boot Menu

Select Cl , 2) # 2

Boot Main Menu

1 – Start Operational Code
2 – Select Baud Rate
3 – Retrieve Logs
4 – Load New Operational Code
5 – Display Operational Code Details
9 – Reboot
10 – Restore Configuration to Factory Defaults
11 – Activate Backup Image
12 – Start Password Recovery
Enter Choice* 10

If you are looking for a how to on an easy way to Reestablish Domain Relationship trust using PowerShell you have come to the right place.

  1. Log on Windows 10 using local Administrator account
  2. Click on Start menu and type PowerShell
  3. Right click on PowerShell and choose Run as Administrator
  4. Press Yes to confirm running as Administrator
  5. Type $credential = Get-Credential and press Enter
  6. Enter domain admin account and password and then click OK
  7. Type Reset-ComputerMachinePassword -Credential $credential and press Enter
  8. Close PowerShell
  9. Restart your Windows machine
  10. Log on Windows 10 using domain user account

Recent Posts

Recent Comments

Archives

Categories

Meta