Facebook Exposed 267M Users Phone Numbers
Researchers have found a database which exposes the names, phone numbers and Facebook user IDs of 267M of the Facebook users. This database was left unsecured on the web for nearly two weeks before it was removed.
The Data Exposed
In total 267,140,436 records were exposed. Most of the affected users were from the United States. Diachenko says all of them seem to be valid. Each contained:
- A unique Facebook ID
- A phone number
- A full name
- A timestamp
“A database this big is likely to be used for phishing and spam, particularly via SMS,” according to the Thursday report. “Facebook users should be on the lookout for suspicious text messages. Even if the sender knows your name or some basic information about you, be skeptical of any unsolicited messages.”
Facebook users can make some changes in their profiles from being scraped by strangers by adjusting their account privacy settings:
- Open Facebook and go to **Settings**
- Click **Privacy**
- Set all relevant fields to **Friends** or **Only me**
- Set **”Do you want search engines outside of Facebook to link to your profile** to **No**
This will reduce the chances of your profile being scraped by third parties, but the only way to ensure it never happens again is to completely deactivate or delete your Facebook account.
g
So the question your asking Is OpenDNS Umbrella HIPAA Compliant? OpenDNS Umbrella and its software client questionable? Is it a breach of HIPAA Compliance?
Lets Review The Basics…
Lets go back to the basics, OpenDNS is a company and service that extends the Domain Name System by adding features such as Logging, phishing protection, malware protection and content filtering in addition to DNS lookup, if its DNS servers are used. So knowing this it already seems to be better than Comcast DNS of 75.75.75.75 or Googles DNS of 8.8.8.8. Open DNS Umbrella actually provides something of value.
Let’s look at exactly how a DNS request works.
- A DNS request starts when you try to access a computer on the internet. For example, you type PatrickDomingues.com in your browser address bar.
- The first stop for the DNS request is the local DNS cache. As you access different computers, those IP addresses get stored in a local repository. If you visited PatrickDomingues.com before, you have the IP address in your cache.
- If you don’t have the IP address in your local DNS cache, DNS will check with a recursive DNS server. Your Internal Domain Controller or Internet Service Provider (ISP) like Comcast’s DNS usually provides a recursive DNS server for this purpose.
- The recursive DNS server has its own cache, and if it has the IP address, it will return it to you. If not, it will go ask another DNS server.
- The next stop is the TLD name servers, in this case, the TLD name server for the .com addresses. These servers don’t have the IP address we need, but it can send the DNS request in the right direction.
- What the TLD name servers do have is the location of the authoritative name server for the requested site. The authoritative name server responds with the IP address for PatrickDomingues.com and the recursive DNS server stores it in the local DNS cache and returns the address to your computer.
- Your local DNS service gets the IP address and connects to PatrickDomingues.com to download all the glorious content. DNS then records the IP address in local cache with a time-to-live (TTL) value. The TTL is the amount of time the local DNS record is valid, and after that time, DNS will go through the process again when you request PatrickDomingues.com the next time.
So now we know how DNS works and we want to put this into practice, well we can change our internal DNS to always point to a protected DNS source like OpenDNS Umbrella. We can have our internal DNS servers set its forward lookups to OpenDNS addresses to make sure that everyone internally is being resolved by OpenDNS. For end user laptops we can also install the OpenDNS Umbrella client so they stay protected as well.
To the Point, Is OpenDNS Umbrella HIPAA Compliant?
HIPAA mandates that we have certen security practices in place like Content Filterting, Malware Protection and Logging which is a critical security feature that is required by HIPAA security rule. The Auditing and Reporting Feature enables system administrators to quickly identify potential incidents and events by users.
In Conclusion!
The answer is YES , well more so the answer being that OpenDNS Umbrella can actually assists you in Achieving HIPAA compliance with a simple to deploy cost effect solution.
View The University of Kansas Hospital Customer Story
- Is OpenDNS Umbrella HIPAA Compliant?
- How To Ping With Date and Time To TXT File Using CMD
- Zeus Sphinx Banking Trojan Ramps Up During COVID19
- TOP Horrible Passwords To Use For 2020
- CoronaVirus Business Continuity Plan Checklist
There are occasions where you will need to know How To Ping With Date and Time To TXT File Using CMD and a few Windows Ping commands can help. This will use a provide a date and a timestamp the result of each ping, with a bit of effort you can get it to do that. It’s quite useful if you specifically need to use the Windows Ping command.
ping -t patrickdomingues.com|cmd /q /v /c "(pause&pause)>nul & for /l %a in () do (set /p "data=" && echo(!date! !time! !data!)&ping -n 2 patrickdomingues.com>nul" >C:\ping\pingtest.txt
The above will continuously ping the address with a time and date to a output log file which in this case is called pingtest.txt , press Ctrl+C to end the session. If you do not need an output file remove the redirection to an output file string if you want to show the results in the console window.
- Is OpenDNS Umbrella HIPAA Compliant?
- How To Ping With Date and Time To TXT File Using CMD
- Zeus Sphinx Banking Trojan Ramps Up During COVID19
- TOP Horrible Passwords To Use For 2020
- CoronaVirus Business Continuity Plan Checklist
The Zeus and Sphinx Banking Trojan is showing off its ugly face more often now during COVID19, lurking and targeting desperate users looking for information about COVID19.
According to researchers Amir Gandler and Limor Kessem at IBM X-Force, the researchers observed a significant increase in volume in March 2020, of the Zeus and Sphinx’s malware. It was clear that the operators looked to take advantages around government relief payments to COVID19 affected people and companies.
In March 2020 these phishing and malspam campaigns emails tell targets that they need to fill out an attached form to receive coronavirus relief from the government. These new Zeus and Sphinx Banking Trojan variant is spreading via coronavirus-themed email sent to victims in the U.S., Canada and Australia, housed in malicious attachments named “COVID 19 relief,” according to an X-Force blog posting on Monday.
Stay vigilant and review these Email Security Tips you can also play the Introduction to Phishing video below.
- Is OpenDNS Umbrella HIPAA Compliant?
- How To Ping With Date and Time To TXT File Using CMD
- Zeus Sphinx Banking Trojan Ramps Up During COVID19
- TOP Horrible Passwords To Use For 2020
- CoronaVirus Business Continuity Plan Checklist
How many Horrible Passwords are there? Let me tell you there are about 500 of them and we will show you the TOP Horrible Passwords To Use For 2020. Any password documented publicly or available in the darkweb can be used in a dictionary attack. This is a form of brute force attack technique for defeating a cipher or authentication mechanism by trying to determine its decryption key or passphrase by trying hundreds or sometimes millions of likely possibilities, such as words in a dictionary.
| NO | Top 1-100 | Top 101–200 | Top 201–300 | Top 301–400 | Top 401–500 |
| 1 | 123456 | porsche | firebird | prince | rosebud |
| 2 | password | guitar | butter | beach | jaguar |
| 3 | 12345678 | chelsea | united | amateur | great |
| 4 | 1234 | black | turtle | 7777777 | cool |
| 5 | pussy | diamond | steelers | muffin | cooper |
| 6 | 12345 | nascar | tiffany | redsox | 1313 |
| 7 | dragon | jackson | zxcvbn | star | scorpio |
| 8 | qwerty | cameron | tomcat | testing | mountain |
| 9 | 696969 | 654321 | golf | shannon | madison |
| 10 | mustang | computer | bond007 | murphy | 987654 |
| 11 | letmein | amanda | bear | frank | brazil |
| 12 | baseball | wizard | tiger | hannah | lauren |
| 13 | master | xxxxxxxx | doctor | dave | japan |
| 14 | michael | money | gateway | eagle1 | naked |
| 15 | football | phoenix | gators | 11111 | squirt |
| 16 | shadow | mickey | angel | mother | stars |
| 17 | monkey | bailey | junior | nathan | apple |
| 18 | abc123 | knight | thx1138 | raiders | alexis |
| 19 | pass | iceman | porno | steve | aaaa |
| 20 | fuckme | tigers | badboy | forever | bonnie |
| 21 | 6969 | purple | debbie | angela | peaches |
| 22 | jordan | andrea | spider | viper | jasmine |
| 23 | harley | horny | melissa | ou812 | kevin |
| 24 | ranger | dakota | booger | jake | matt |
| 25 | iwantu | aaaaaa | 1212 | lovers | qwertyui |
| 26 | jennifer | player | flyers | suckit | danielle |
| 27 | hunter | sunshine | fish | gregory | beaver |
| 28 | fuck | morgan | porn | buddy | 4321 |
| 29 | 2000 | starwars | matrix | whatever | 4128 |
| 30 | test | boomer | teens | young | runner |
| 31 | batman | cowboys | scooby | nicholas | swimming |
| 32 | trustno1 | edward | jason | lucky | dolphin |
| 33 | thomas | charles | walter | helpme | gordon |
| 34 | tigger | girls | cumshot | jackie | casper |
| 35 | robert | booboo | boston | monica | stupid |
| 36 | access | coffee | braves | midnight | shit |
| 37 | love | xxxxxx | yankee | college | saturn |
| 38 | buster | bulldog | lover | baby | gemini |
| 39 | 1234567 | ncc1701 | barney | cunt | apples |
| 40 | soccer | rabbit | victor | brian | august |
| 41 | hockey | peanut | tucker | mark | 3333 |
| 42 | killer | john | princess | startrek | canada |
| 43 | george | johnny | mercedes | sierra | blazer |
| 44 | sexy | gandalf | 5150 | leather | cumming |
| 45 | andrew | spanky | doggie | 232323 | hunting |
| 46 | charlie | winter | zzzzzz | 4444 | kitty |
| 47 | superman | brandy | gunner | beavis | rainbow |
| 48 | asshole | compaq | horney | bigcock | 112233 |
| 49 | fuckyou | carlos | bubba | happy | arthur |
| 50 | dallas | tennis | 2112 | sophie | cream |
| 51 | jessica | james | fred | ladies | calvin |
| 52 | panties | mike | johnson | naughty | shaved |
| 53 | pepper | brandon | xxxxx | giants | surfer |
| 54 | 1111 | fender | tits | booty | samson |
| 55 | austin | anthony | member | blonde | kelly |
| 56 | william | blowme | boobs | fucked | paul |
| 57 | daniel | ferrari | donald | golden | mine |
| 58 | golfer | cookie | bigdaddy | 0 | king |
| 59 | summer | chicken | bronco | fire | racing |
| 60 | heather | maverick | penis | sandra | 5555 |
| 61 | hammer | chicago | voyager | pookie | eagle |
| 62 | yankees | joseph | rangers | packers | hentai |
| 63 | joshua | diablo | birdie | einstein | newyork |
| 64 | maggie | sexsex | trouble | dolphins | little |
| 65 | biteme | hardcore | white | 0 | redwings |
| 66 | enter | 666666 | topgun | chevy | smith |
| 67 | ashley | willie | bigtits | winston | sticky |
| 68 | thunder | welcome | bitches | warrior | cocacola |
| 69 | cowboy | chris | green | sammy | animal |
| 70 | silver | panther | super | slut | broncos |
| 71 | richard | yamaha | qazwsx | 8675309 | private |
| 72 | fucker | justin | magic | zxcvbnm | skippy |
| 73 | orange | banana | lakers | nipples | marvin |
| 74 | merlin | driver | rachel | power | blondes |
| 75 | michelle | marine | slayer | victoria | enjoy |
| 76 | corvette | angels | scott | asdfgh | girl |
| 77 | bigdog | fishing | 2222 | vagina | apollo |
| 78 | cheese | david | asdf | toyota | parker |
| 79 | matthew | maddog | video | travis | qwert |
| 80 | 121212 | hooters | london | hotdog | time |
| 81 | patrick | wilson | 7777 | paris | sydney |
| 82 | martin | butthead | marlboro | rock | women |
| 83 | freedom | dennis | srinivas | xxxx | voodoo |
| 84 | ginger | fucking | internet | extreme | magnum |
| 85 | blowjob | captain | action | redskins | juice |
| 86 | nicole | bigdick | carter | erotic | abgrtyu |
| 87 | sparky | chester | jasper | dirty | 777777 |
| 88 | yellow | smokey | monster | ford | dreams |
| 89 | camaro | xavier | teresa | freddy | maxwell |
| 90 | secret | steven | jeremy | arsenal | music |
| 91 | dick | viking | 11111111 | access14 | rush2112 |
| 92 | falcon | snoopy | bill | wolf | russia |
| 93 | taylor | blue | crystal | nipple | scorpion |
| 94 | 111111 | eagles | peter | iloveyou | rebecca |
| 95 | 131313 | winner | pussies | alex | tester |
| 96 | 123123 | samantha | cock | florida | mistress |
| 97 | bitch | house | beer | eric | phantom |
| 98 | hello | miller | rocket | legend | billy |
| 99 | scooter | flower | theman | movie | 6666 |
| 100 | please | jack | oliver | success | albert |
What you should do.
Besides the TOP Horrible Passwords for 2020. You should be concerned about any combination of dictionary words and previous passwords found on the Darkweb, Click Here To Find Your Compromised Passwords.
Additionally use the follow steps below for better password practices for 2020.
- Character Length: There is no ideal character length for passwords. The more characters you have, the more difficult it is to crack. However, use at least 8 characters to meet the bare minimum security practice.
- Character Type: Use a combination of uppercase, lowercase, numbers, and symbols. It will narrow down the overall chances of your password being compromised. Example: Tave@35322!
- Password Dictionaries: The password should not be listed in the popular password dictionaries. There are online tools where you can check against known password lists.
- Password Manager: Are your passwords too long and complex to remember? Use a password manager. That should suffice.
- Password Generators: There are simple password generators available online that offer better password security.
- Is OpenDNS Umbrella HIPAA Compliant?
- How To Ping With Date and Time To TXT File Using CMD
- Zeus Sphinx Banking Trojan Ramps Up During COVID19
- TOP Horrible Passwords To Use For 2020
- CoronaVirus Business Continuity Plan Checklist
No one can predict the future; however, you can be ready with a sound CoronaVirus Business Continuity Plan. This CoronaVirus business continuity checklist is the first step in the BCP process. The checklist is not an exhaustive list, it is a simple tool that can be used to ensure that the basic CoronaVirus Business Continuity Plan process has been initiated and the division management has considered what needs to be done to keep essential functions operating if an adverse event occurs. The CoronaVirus Business Continuity Plan Checklist is somewhat “information centric” as organisation’s reliance on information is increasing and its successful management provides a competitive advantage.
Simple Checklist For Creating A Business Continuity Plan
- Is OpenDNS Umbrella HIPAA Compliant?
- How To Ping With Date and Time To TXT File Using CMD
- Zeus Sphinx Banking Trojan Ramps Up During COVID19
- TOP Horrible Passwords To Use For 2020
- CoronaVirus Business Continuity Plan Checklist
As the Covid-19 pandemic rises scammers are now using the fear of the public to capitalize by using a method of email phishing to steal money and data.
World Health Organisation Advice
There has been a growing confusion around the next steps to take, scammers can slip through the cracks. Health advice emails, advising people to sign up to doctor and fake links to “safety tips”.
Some emails are even claiming to have found a cure for the virus! As of yet, (13th March 2020) there is no vaccine so these emails should be deleted immediately.
To verify that an email is legitimate contact the World Health Organisation directly, and flag the phishing email as fraud if it is so to help others avoid making the mistake of giving these scammers their details.
The World Health Organisation has recommended to check the original email address to make sure it is a legitimate email, look closely- scammers will create emails as close to the WHO email as possible, so note any small inconsistencies.
The World Health Organisation has published the following checklist to make sure that you should refer to when assessing whether you have received a phishing email.
World Health Organization provided the following advice and will never ask the following:
- They will never ask you to login to view safety information
- They will never email attachments you didn’t ask for
- They will never ask you to visit a link outside of www.who.int
- They will never charge money to apply for a job, register for a conference, or reserve a hotel
- They will never conduct lotteries or offer prizes, grants, certificates or funding through email
- They will never ask you to donate directly to emergency response plans or funding appeals.
Scammers will be using emails, websites, phone calls, text messages, and faxes.
Many of these emails are pretending to be charitable causes, asking for donations to help research the virus! They are also pushing malware to have you download a file and then infecting yourself with ransomware. An example of a phishing email looks like the below:
Some common tip-offs that an email is phony are typos, grammatical mistakes, awkward language, missing words, extra spaces, and other signs that the email was written unprofessionally. Such emails might also ask you to look at an attachment or click a link and then give your personal information on a Web page or in a form. Or the sender’s email address might look suspicious. If you hover over the links you can even see that it would not direct you to legit URL.
- Is OpenDNS Umbrella HIPAA Compliant?
- How To Ping With Date and Time To TXT File Using CMD
- Zeus Sphinx Banking Trojan Ramps Up During COVID19
- TOP Horrible Passwords To Use For 2020
- CoronaVirus Business Continuity Plan Checklist
Unpatched systems are still a major attack vector for hackers. These unpatched systems can invite major troubles for an organization. The issue can turn worse when the organization falls victim to a data breach and compromises confidential data.
Time and time again it was found that the same vulnerabilities kept being the top vector for exploitation via phishing attacks which the payload targeted specific flaws in the Microsoft product line.
Top flaws
Some flaws that have been actively used to launch attacks are:
- CVE-2016-0189 – Memory corruption flaw in Microsoft’s Internet Explorer
- CVE-2017-8570 – Remote code execution flaw in Microsoft Office
- CVE-2017-0143 – Affects SMBv1 protocol
- CVE – 2018-11776 -Remote code execution Apache Struts
- CVE-2017-11882 – Remote code execution Microsoft Office
- CVE-2009-3129 – Remote code execution in Microsoft Excel/Word
- CVE-2017-11774 – Security Feature Bypass vulnerability in Microsoft Outlook
Bottom line
It is no surprise that Unpatched Systems Are Still A Major Attack Vector that is being leveraged for cyber attacks. With the growing number of threats taking advantage of well-known and old vulnerabilities, it is imperative that organizations patch out of date systems to protect their data, systems and critical infrastructure against hackers.
- Is OpenDNS Umbrella HIPAA Compliant?
- How To Ping With Date and Time To TXT File Using CMD
- Zeus Sphinx Banking Trojan Ramps Up During COVID19
- TOP Horrible Passwords To Use For 2020
- CoronaVirus Business Continuity Plan Checklist
The Haken malware obtains sensitive data from victims and secretly signs them up for expensive premium subscription services.
The eight apps that were found have since been removed. Users have collectively been downloaded 50,000 times. These apps were utilities and children’s games, including “Kids Coloring,” “Compass,” “qrcode,” “Fruits coloring book,” “soccer coloring book,” “fruit jump tower,” “ball number shooter” and “Inongdan.” The apps legitimately function as advertised, but in the background covertly perform an array of malicious functions.
“Haken has shown clicking capabilities while staying under the radar of Google Play,” said researchers from Check Point Research. “Even with a relatively low download count of 50,000+, this campaign has shown the ability that malicious actors have to generate revenue from fraudulent advertising campaigns.”
Google Play store has been battered with new variants of malware try and stay clear of random free apps that are unknown.
- Is OpenDNS Umbrella HIPAA Compliant?
- How To Ping With Date and Time To TXT File Using CMD
- Zeus Sphinx Banking Trojan Ramps Up During COVID19
- TOP Horrible Passwords To Use For 2020
- CoronaVirus Business Continuity Plan Checklist
Kaseya does an okay job to deploy software patches but we we decided it was best to create a Kaseya Script To Run Patch My PC.
This simple script grabs the latest Patch My PC from the developers website and places it into the kworking folder on the users workstation or server. The software has a string parameter to run as the System User to scan the entire system for installed apps and afterwards it will install the latest software Patch silently.
To automatically deploy this script on a scheduled basis, within Kaseya we used Policy Management and configured a new Scheduled policy to run this Patch my PC script every week.
Below you can see the Kaseya Script to run the Patch My PC. I also provided the download link for it.
<?xml version="1.0" encoding="utf-8"?>
<ScriptExport xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="http://www.kaseya.com/vsa/2008/12/Scripting">
<Procedure name="Patch My PC" treePres="3" id="136611930" folderId="980255113206922" treeFullPath="myProcedures - pdomingues@teamlogicit.com.myProcedures - pdomingues">
<Body description="">
<If description="">
<Condition name="True" />
<Then>
<Statement name="WriteScriptLogEntry" continueOnFail="false">
<Parameter xsi:type="StringParameter" name="Comment" value="Running Patch My PC" />
</Statement>
<Statement name="GetURL" continueOnFail="false">
<Parameter xsi:type="StringParameter" name="URL" value="https://patchmypc.com/freeupdater/PatchMyPC.exe" />
<Parameter xsi:type="StringParameter" name="ResponseFileName" value="#vAgentconfiguration.AgentTempDir#\PatchMyPC.exe" />
<Parameter xsi:type="BooleanParameter" name="WaitComplete" value="True" />
</Statement>
<Statement name="ExecuteShellCommand" continueOnFail="false">
<Parameter xsi:type="StringParameter" name="Command" value="#vAgentconfiguration.AgentTempDir#\PatchMyPC.exe /S" />
<Parameter xsi:type="EnumParameter" name="ExecuteAccount" value="System" />
<Parameter xsi:type="BooleanParameter" name="Is64Bit" value="False" />
</Statement>
<Statement name="WriteScriptLogEntry" continueOnFail="false">
<Parameter xsi:type="StringParameter" name="Comment" value="Successfully Updated Software" />
</Statement>
</Then>
</If>
</Body>
</Procedure>
</ScriptExport>Patch My PC Kaseya Script
- Is OpenDNS Umbrella HIPAA Compliant?
- How To Ping With Date and Time To TXT File Using CMD
- Zeus Sphinx Banking Trojan Ramps Up During COVID19
- TOP Horrible Passwords To Use For 2020
- CoronaVirus Business Continuity Plan Checklist
Google has done a great job bringing the patch gap down to 15 days from 33 days. They also want to bring this number down further to once a week. Their goal is to quickly roll out patches for vulnerabilities.
In 2019, security researchers from Exodus Intelligence have noted that on two occasions Google Chrome’s large patch gap can be exploited by attackers.
First in April, and then in September, Exodus researchers developed a proof-of-concept exploit code for security bugs fixed in the V8 JavaScript engine that had yet to make their way downstream into the Chrome code base.
GOOGLE Chrome is doing something about it.
Google Chrome users have some good news and the Exodus team’s research on the topic and subsequent warnings did not go noticed by Google Chrome Security team.
In Google Chrome’s recently published quarterly security summary for Q4 2019, the Google engineers said they have been hard at work to reduce Chrome’s patch gap.
“We now make regular refresh releases every two weeks, containing the latest severe security fixes,” said Andrew R. Whalley, a member of the Chrome Security team.
“This has brought down the median ‘patch gap’ from 33 days in Chrome 76 to 15 days in Chrome 78, and we continue to work on improving it,” he said.
Results
Now because they also mentioned that they wanted to bring this number down further to once a week we would think that Google Chrome would be the more secure browser from other competition. Their goal is to quickly roll out patches for vulnerabilities.