image
Patrick Domingues

New SpeakUp Backdoor Infects Linux and MacOS

A new malware campaign has been found containing a new Backdoor Trojan called SpeakUp and they are targeting Linux Servers and MacOS by exploiting vulnerabilities in their systems. 

Check Point researchers stated that the malware campaign attacks Linux servers from all over the world using the CVE-2018-20062 ThinkPHP remote code execution vulnerability as an initial infection vector.

To upload a “PHP shell that serves and executes a Perl backdoor” on vulnerable Linux machines, it will employ command injection techniques to send shell commands via a GET request’s “module” parameter:

s=/index/\think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=echo ^>index.php

Followed by the Trojan injecting a backdoor by pulling the ibus Perl script payload and store it in /tmp/e3ac24a0bcddfacd010a6c10f4a814bc, which will immediately be launched with the help of a follow-up malicious HTTP request designed to execute the Perl-based backdoor, pause for a couple of seconds and delete the file to remove any indication that something is wrong.

The malware … Read the rest

Vulnerabilities

The Decorating Website Houzz Was Breached

The decorating website called Houzz stated that account usernames and passwords have been compromised by an unknown source. They also mentioned if their users also logged into Houzz using Facebook, their user’s public Facebook ID was exposed as well.

Houzz quickly sent emails to their users base to urge them to change their passwords.

“Houzz recently learned that a file containing some of our user data was obtained by an unauthorized third party,” which was stated on their website. “The security of user data is our priority. We immediately launched an investigation and engaged with a leading forensics firm to assist in our investigation, containment and remediation efforts. We have also notified law enforcement authorities.”

When did they find out about this incident?

“We learned about the incident in late December 2018 and immediately engaged with a leading forensics firm to assist in our investigation, containment, and remediation efforts.”

Read the rest
Data Breach

Keep Winning With Malwarebytes

Who is Malwarebytes and what do they do? Well Malwarebytes makes security software that is renowned for its malware removal capability. The software is also known for their user friendly interface and ability to work alongside classic antivirus products, without interfering with their activity.

What is Malwarebytes good at?

  • Being a second layer of defense against malware and ransomware.
  • Plays nice with other antivirus products.
  • Be well protected regardless of the browser you prefer using.

Malwarebytes for Windows Premium vs. Free

Malwarebytes is offered in two versions: Premium version and a Free version. The Free version can detect and remove malware, spyware and rookits from your machine. The Premium version does the same things, but has a few other features:

  • Real-time protection
  • Anti-exploit
  • Anti-ransomware
  • Malicious website protection

Pros and cons

Here are some pros about the Premium version of Malwarebytes for Windows:

  • It includes anti-exploit features that some traditional antivirus products do not, and which can protect
Read the rest
Software

Say Goodbye Google+

Recently on January 30th 2019 Google has announced that they will be shutting down Google+ on April 2, 2019.

Google’s Letter Below

In December 2018, we announced our decision to shut down Google+ for consumers in April 2019 due to low usage and challenges involved in maintaining a successful product that meets consumers’ expectations. We want to thank you for being part of Google+ and provide next steps, including how to download your photos and other content.

On April 2nd, your Google+ account and any Google+ pages you created will be shut down and we will begin deleting content from consumer Google+ accounts. Photos and videos from Google+ in your Album Archive and your Google+ pages will also be deleted. You can download and save your content, just make sure to do so before April. Note that photos and videos backed up in Google Photos will not be deleted.

The

Read the rest
Uncategorized

Airbus suffered a data breach.

Aerospace giant Airbus has become the latest victim to hackers, they said the company suffered a cyber attack that lead to a massive data breach which released billions of records onto the Dark Web.

“Airbus SE detected a cyber incident on Airbus ‘Commercial Aircraft business’ information systems, which resulted in unauthorized access to data,” the company says in a statement issued on Wednesday. “There is no impact on Airbus’ commercial operations.”

After reviewing the leaked records called “Collections #2-5” it contain a massive 2.2 billion stolen account records. Which is many millions of accounts shorter than the Collections #1 Dump

“2.2 billion records is a staggering number,” said Frederik Mennes, senior manager of Market & Security Strategy, Security Competence Center at OneSpan, via email. “Companies should remember that easy targets will continue to be exploited first, because cybercrime follows the path of least resistance. Applying multi-factor authentication may stop an

Read the rest
Data Breach

Is Microsoft OneDrive HIPAA Compliant?

Are you looking to find out if OneDrive is a HIPAA compliant cloud storage solution? We reviewed the Microsoft Trust Center and found a page called HIPAA and the HITECH Act.

Within the document Microsoft states the following:

“Currently there is no official certification for HIPAA or HITECH Act compliance. However, those Microsoft services covered under the BAA have undergone audits conducted by accredited independent auditors for the Microsoft ISO/IEC 27001 certification.”

Since Microsoft OneDrive is bundled into Office 365, we decided to look for a PDF doc for Office 365 and behold Office 365 Compliance Framework for Industry Standards and Regulations . This PDF document offered a deeper insight for OneDrive and its capabilities on HIPAA compliance and the document specifically states that OneDrive for Business can be HIPAA compliant while OneDrive consumer cloud storage is not HIPAA compliant.

Is Microsoft OneDrive HIPAA Compliant?

So Is Microsoft OneDrive A HIPAA Compliant Service?

The … Read the rest

Security Policies and Compliance

What is the Tor Browser and should you use it?

The Tor Browser has been around for some time but now should you use it? You do get the anonymity and Tor’s primary benefit is that it encrypts your traffic and bounces it through a chain of computers, making it very difficult for anyone to track where you came from but is this software worth your psyche? 

I just want to mention that at least they have a positive Vision? “At the end of the day for Tor what we hope is that our technology becomes underlying, and everything else that happens online happens on top of it,” says Isabela Bagueros, executive director of the Tor Project. “Seeing interest and adoption from for-profit companies and other organizations is a very interesting moment for us, because we are creating different examples to show how our vision can be possible.”

If you have more questions about TOR, Visit the TOR FAQ

However … Read the rest

Software

Firefox 65 improved its online privacy

Mozilla has announced that the latest version Firefox 65 comes with better online privacy controls that makes it easier for you to manage what kind of information you share while you browse the internet.

In a blog post detailing the tools, Mozilla explains how it has redesigned the controls for Content Blocking in Firefox 65, with it explaining that “When it comes to user privacy, choice and control are first and foremost.”
On another note this new privacy aware browser would probably go great with duckduckgo search engine. 
Read the rest
Software

Apple Disables Group FaceTime due to Major Privacy Glitch

Apple has disabled the Group FaceTime software temporarily due to a software bug that allows other iOS users to listen in on private conversations without any notification to reject or accept a call.
The bug is believed to impact any pair of devices running iOS 12.1 or later, according to reports. Security Experts – like Eva Galperin, director of cybersecurity at the Electronic Frontier Foundation – urged iOS users to delete the FaceTime function until a fix becomes available.

Read the rest
Vulnerabilities

Say Goodbye to Windows 7

Goodbye Windows 7 you were loved by almost everyone and was definitely better than Windows VISTA. Many users and company’s are still using windows 7 not realizing what will happen at the end of the year.

NetMarketShare’s states that 36.90% are still using Windows 7 which is fairly high. This will be the year for many computer migrations. As you know like all operating systems before it, Windows 7 will eventually reach the (EOL) end of its life-cycle which is on January 14, 2020 making an upgrade an absolutely essential for the safety of your PC. This means that your computer will no longer be getting security patches and will be vulnerable to hackers. Companies will also have to go through Server 2008 and windows 7 migrations to later Windows OS to maintain Compliance’s.… Read the rest

Software

Available On Amazon

Polls

What tutorials do you prefer?

View Results

Loading ... Loading ...

Categories

Archives

Subscribe Today

Want to know when new posts are published? Enter your email & click on that subscribe button.

Stay Informed

Receive instant notifications when new content is released.