Professional IT, Technology and MSP Services for Small and Medium Enterprises serving Western Northern Virginia, the Piedmont area and special projects.
Professional IT Services for Small Enterprise
Operating as usual
🤨 Just so you guys are aware. Houzz.com got hacked and 57 MILLLLLion records of Houzz users were compromised and are for sale on the Dark Web. SALE!!!
Snake in the NEST
Google said there’s absolutely, positively nothing to worry about the secret microphone in your Nest Secure smart home hub that it didn’t tell you about. Nope, not at all. Just an oversight, said Google. No need to be alarmed. Everything is just fine.
When Google announced earlier this month that its Nest Secure would double-up as a Google Assistant, it sparked anger. Google hadn’t told anyone that the security hub had a microphone inside to begin with. There was no mention of the microphone on the initial list of tech specifications, nor was it mentioned after the company announced Google Assistant integration. (It’s there now.)
After Google, which owns Nest, realized its customers didn’t like being deceived or having their privacy violated, the company swallowed its pride and admitted fault.
“The on-device microphone was never intended to be a secret and should have been listed in the tech specs,” said Google spokesperson Nicol Addison in an email to TechCrunch. “That was an error on our part. The microphone has never been on and is only activated when users specifically enable the option.”
Business Insider first reported the news.
Google said that security systems “often use microphones to provide features that rely on sound sensing and included the microphone so it could “potentially offer additional features to our users in the future, such as the ability to detect broken glass.”
No doubt it’s a smart, if not terribly executed idea.
You can forgive a company for not wanting to drop the ball on its own future product line-up announcements, but not disclosing the inclusion of a microphone in a device that sits in your home just looks bad. And it couldn’t come at a worst time for tech giants, as they try to clamber back any ounce of respect they have from privacy-conscious consumers.
It makes you wonder how many other devices you have in your home — and out in the world — that could be used to spy on you.
Just this week, Singapore Airlines landed itself in hot water after passengers discovered cameras embedded in the in-flight entertainment systems. The airline said in a tweet that the cameras were included as standard by the original manufacturer and that it has “no plans to enable or develop any features using the cameras.”
No plans doesn’t mean “never.” And, just like the Nest device, the customer would have no way of knowing if it was in use anyway.
Why cable companies should not try to be Internet companies. Second time this month!
cnet.com For a minute there, it looked like the whole internet was down.
Your Uncle Abegunde may be out of cash...
inforisktoday.com A six-month coordinated global law enforcement effort to crack down on business email compromise schemes has resulted in 74 arrests, the U.S. Department of Justice
A ticket for a ride...
gizmodo.com One week after suffering a hack that took its website and services offline, events ticketing company Ticketfly revealed Thursday just how bad the data breach was, and it certainly doesn’t look great. According to the company, the personal information of 27 million accounts—including ticket buyer...
Geeee.........What a complete surprise. :o|
securityweek.com Facebook said a software glitch that changed the settings of some 14 million users, potentially making some posts public even if they were intended to be private.
Costly with or without the ransom!
securityweek.com Atlanta information management head Daphne Rackley told the City Council that the Atlanta ransomware attack is likely to require an additional $9.5 million over the coming year because of the ransomware.
GovCon Get your stuff together!!!!!! I am tired of seeing these articles and am digusted by leaders who do not take the threat seriously.
gizmodo.com Hackers working for the Chinese government compromised a US Navy contractor and stole a massive cache of highly sensitive data, including details about a planned supersonic anti-ship missile, American officials said Friday.
A Case for Secure Email.
infosecurity-magazine.com Man-in-the-email is a variation on the man-in-the-middle attack. In this fraud the attacker takes an e-mail position between a buyer and seller, and is able to defraud the buyer out of funds and the seller out of goods. The FBI knows at least three US companies tricked by such a scam in 2013.
No smiles for Coke employees...
infosecurity-magazine.com A former Coca-Cola employee stole a hard drive containing the data of 8,000 workers.
Deal with the stress of reality don't create more in fantasy.
infosecurity-magazine.com A malicious link to the Relieve Stress Paint app targets Facebook users.
What a waste of time and effort...
forbes.com Student hackers have struck again, and this time they tried to do more than just change grades.
[06/08/18] A Ticket to Uh Oh.
securityweek.com A security researcher discovered that it was possible to bypass Google’s reCAPTCHA via HTTP parameter pollution.
NoKo backing off in cyber?
securityweek.com A threat actor linked to North Korea’s Lazarus Group has stopped targeting organizations in the US, but remains active in Europe and East Asia
The Problem is MUCH bigger than your control domain...
bankinfosecurity.com At least 500,000 routers, mostly located in Ukraine, have been infected with "VPN Filter" malware that experts believe is a prelude to a massive
Welcome to the Party Europol.
securityweek.com The European Union’s law enforcement agency has created a dedicated team that will be investigating activity across the dark web.
Google, Maybe you can set up shop in North Korea?
crn.com Google has reportedly lost employees over its participation with the Pentagon over Project Maven, and now the cloud giant is reportedly not renewing the controversial contract.
Traitor!!!! Who the heck is letting these guys in?!!!!!
careersinfosecurity.com A former CIA software engineer who is facing child po*******hy charges is a possible suspect in the largest-ever leak of classified information from the spy agency.
theverge.com How total data collection could reshape society.
Vulnerability with Adobe Reader. Read on.
Malicious PDF Leads to Discovery of Adobe Reader, Windows Zero-Days
By Eduard Kovacs on May 16, 2018
Researchers at ESET recently came across a malicious PDF file set up to exploit two zero-day vulnerabilities affecting Adobe Reader and Microsoft Windows.
The malicious document leverages a privilege escalation flaw in Windows (CVE-2018-8120) and a remote code ex*****on vulnerability in Adobe Reader (CVE-2018-4990). CVE-2018-8120 is one of the two zero-day vulnerabilities fixed by Microsoft with its May 2018 Patch Tuesday updates, while CVE-2018-4990 was addressed by Adobe on May 14 with the release of updates that fix nearly 50 other issues.
By combining the two flaws, attackers can execute arbitrary code with elevated privileges with minimal user interaction – specifically, opening the malicious PDF.
In order to make it more difficult for attackers to execute arbitrary code on a system running its Reader software, Adobe has implemented a sandbox. Exploiting only CVE-2018-4990 allows code ex*****on within the sandbox, but combining it with the Windows privilege escalation flaw makes it possible to escape the sandbox and execute the code in kernel mode.
It’s worth noting that CVE-2018-8120 only affects Windows 7 and Windows Server 2008 – newer versions of the operating system include security features that prevent attacks.
ESET discovered the malicious PDF in a public malware repository (likely VirusTotal). However, the company has not shared any information on who may have found the flaws and who the attackers may have planned on targeting.
“Even though the sample does not contain a real malicious final payload, which may suggest that it was caught during its early development stages, the author(s) demonstrated a high level of skills in vulnerability discovery and exploit writing,” explained Anton Cherepanov, the ESET researcher credited by Microsoft and Adobe for reporting the flaws.
ESET has published a blog post containing technical information on both vulnerabilities.
At the time of writing, 18 of the 59 antivirus engines on VirusTotal detect the files discovered by ESET as a generic Trojan or exploit.
Using two zero-day exploits in a single file is not unheard of. Last year, the Russia-linked threat actor known as APT28, Pawn Storm, Fancy Bear, Sofacy, Sednit and Strontium leveraged an Office RCE flaw (CVE-2017-0262) and a Windows privilege escalation (CVE-2017-0263) to deliver malware.
Tricky Malware gets trickier.
securityweek.com A study found that over 98 percent of malware making it to the sandbox array uses at least one evasive tactic, and 32 percent of malware samples making it to this stage could be classified as “hyper-evasive".
securityweek.com The Dutch government is phasing out the use of anti-virus software made by Russian firm Kaspersky Lab amid fears of possible spying, despite vehement denials by the Moscow-based cyber security company.
Bad to Worse. News that's not new news.
cnbc.com Warren Buffett is concerned about the cybersecurity threat to the insurance industry.
Shut it down!
Data from millions of Facebook users who used a popular personality app, including their answers to intimate questionnaires, was left exposed online for anyone to access, a New Scientist investigation has found.
The data was highly sensitive, revealing personal details of Facebook users, such as the results of psychological tests. The credentials gave access to the “Big Five” personality scores of 3.1 million users. These scores are used in psychology to assess people’s characteristics, such as conscientiousness, agreeableness and neuroticism. The credentials also allowed access to 22 million status updates from over 150,000 users, alongside details such as age, gender and relationship status from 4.3 million people.
Academics at the University of Cambridge distributed the data from the personality quiz app myPersonality to hundreds of researchers via a website with insufficient security provisions, which led to it being left vulnerable to access for four years. Gaining access illicitly was relatively easy.
The data was highly sensitive, revealing personal details of Facebook users, such as the results of psychological tests. It was meant to be stored and shared anonymously, however such poor precautions were taken that deanonymising would not be hard.
Also see: https://www.careersinfosecurity.com/report-facebook-app-exposed-3-million-more-users-data-a-11009
careersinfosecurity.com Researchers at the University of Cambridge, via a myPersonality app on Facebook, reportedly used data from 3 million users to power a spin-off company that
Phishing on the move. - NOTE DARK WEB Reference
SAN FRANCISCO, May 08, 2018 (GLOBE NEWSWIRE) -- Mobile security specialist Wandera has released a study on mobile phishing attacks that underlines just how valuable a corporate mobile device is to today’s cyber criminals—and how phishing is the primary technique being used to exploit them.
Mobile phishing on the rise
Phishing is the number one mobile threat affecting organizations. New research in Wandera’s Phishing Report 2018 shows that mobile users are 18x more likely to be phished than to download malware, and that 4000 new mobile phishing websites are launched every day.
Corporate devices hold a vast array of data for attackers to target. While many apps are authenticated with single sign on services like Okta and OneLogin, many employees make use of their own user credentials or Facebook and Google logins. The average iOS user has 14 different accounts on their work phone, typically including services such as Amazon, Paypal and AirBnb. On Android, there are even more for the phishers to steal, with the average user having apps requiring 20 unique logins.
“Our research shows that phishers are increasingly leveraging brands that have over a billion users and a higher difficulty to breach. The price of such credentials on the dark web are increasing in price suggesting they are in higher demand,” said Michael Covington, VP of Product Strategy at Wandera.
The growth in mobile phishing
The average mobile user is 18x more likely to encounter a phishing attack than a malware attack
A new mobile phishing page is launched every 20 seconds. That’s more than 4,000 new phishing sites per day
5% of all successful mobile phishing attacks take place on dating apps
90% of cyberattacks start with a phishing attack *1
Users are 3x more likely to fall for phishing on mobile *2 than desktop
The applications where mobile phishing attacks originate 3
*A huge growth in mobile/social media phishing
Messaging (17.3%) +170% increase on 2017
Social media (16.4%) +102% increase on 2017
News and weather (3%)
Food and drink (2.2%)
Health and fitness (2.1%)
The top 5 apps for messenger phishing
Messenger (inbuilt iOS/Android)
Top 10 brands targeted by phishing attacks
5. Paypal 6. Government sites
8. Fox News
verizonenterprise.com Read Verizon's 2018 Data Breach Investigations Report (DBIR). And, for the first time, get hands-on access to data and explore the most common incident patters for your industy via DBIR Interactive.
Professional IT Services for Small and Medium Enterprises
OSOM Solutions is a premier managed technology solutions provider specializing in cyber security, disaster recovery, network engineering, design, implementation and administration, cloud and virtualization and other advanced technology planning, consulting, and management services. With unique experiences gained at the world’s most advanced and largest service providers, government agencies and Fortune 500 companies all with mission-critical operations, OSOM Solutions serves its clients with the highest level of professionalism, expertise, care and trust. We do not offer “band aid” fixes but only total system solutions coupled with out of the box innovations when needed. Founded specifically as a managed service provider in 2004 to assist with “big picture”, integrated solutions, OSOM holds a reputation of unmatched professionalism, performance and care in management of our clients’ technical operations and infrastructure.
The OSOM Companies continue to grow with additional specializations in Security, Energy and Innovations.
|Monday||8:30am - 6pm|
|Tuesday||8:30am - 6pm|
|Wednesday||8:30am - 6pm|
|Thursday||8:30am - 6pm|
|Friday||8:30am - 6pm|
Junk Removal in Northern VA. Need to get rid of junk around the house? Text us now for a quote! 724-681-3051
Bringing businesses the service they need in Web Design, Social Media Marketing, Search Engine Optimization, and Content Creation.
I'm a Realtor® in Northern Virginia and love helping people find their dream home. If you're considering a move, please contact me. I'd love to help!
Ways to make a full time income working part time from home. The opportunities I am involved in have excellent marketing tools, training, and support.
Your Independent Insurance Agent
Hitech Cloud is a Quickbooks hosting Service provider that offers Cloud Servers with instant,flexible computing capacity.http://www.hitech-cloud.com
Vector Security Networks provides single source solutions for managed network services and physical security to multi-site businesses across North America.
America's 8(a) and Business Development Experts
Mizani Fitness provides Onsite & Virtual Health and Wellness Programs Nationwide: Fitness, Health Education, Massage and More! CORPORATE | GOVERNMENT | RESIDENTIAL | VIRTUAL
Professional Personalized Service We never settle for second best. Providing clients throughout Northern Virginia with top-quality legal advice.,
I help people take printed & digital images into published projects (albums, wrapped canvas, cards, photo gifts...) Organize. Scan. Photography. Design.