Dropbox's Layered Approach to Password Security

Dropbox has battened down its security hatches. There's good reason: The
company was one of many this year that have faced nightmarish news that
rumors of a password breach were, in fact, true. It's still unclear how
Dropbox and companies including Yahoo, LinkedIn, MySpace and Twitter
were hacked, or why the stolen data only circulated more widely several
years after the intrusions. But the revelations have unnerved web
services companies and spurred a new urgency around securing passwords.

Dropbox's intrusion was isolated to around mid-2012, an era that Rajan
Kapoor, the company's senior manager for trust and security, says was a
very immature time for cloud services. Since then, security has "grown
up quite a bit," he says.

"The industry on the whole has learned a lot of lessons since 2012,"
Kapoor says. "Dropbox specifically has matured our security capabilities

The password breach occurred around the same time as another security
incident that became public. An attacker managed to compromise a Dropbox
employee's credentials and stole a project document that contained user
email addresses. Some users began receiving spam in German, English and
Dutch advertising gambling websites. 

Read the full story and security methodology for Dropbox Password
Protection as of October, 2016


Clinton, Trump: Head-to-Head Over Purported Russian Hacks

A report on the verbal combat between Hillary Clinton and Donald Trump over whether the Russian government is using hacks to influence the U.S. presidential election leads the latest edition of the ISMG Security Report.

In the report, you'll hear:

  • DataBreachToday Executive Editor Mathew J. Schwartz discuss the purported Russian cyberattacks and the two presidential candidates' disagreement over it;
  • ISMG Security and Technology Managing Editor Jeremy Kirk explain Dropbox's multilayered password protection strategy in the wake of its massive data breach;
  • BankInfoSecurity and CUInfoSecurity Executive Editor Tracy Kitten analyze the effectiveness of a Michigan credit union's bold move to block members from using their payment cards at all Wendy's locations following a malware attack.

The ISMG Security Report appears on this and other ISMG websites on
Tuesdays and Fridays. Be sure to check out our Oct. 4 and Oct. 8
reports, which respectively analyze Trump's cybersecurity platform and
the PCI Security Standards Council's new requirements that are designed
to help thwart attempts to defeat encryption in point-of-sale devices.
The next ISMG Security Report will be posted on Friday, Oct. 14. 

Read the entire story and hear the podcast:


The 411 on the Password Black Market

See source post on LastPass Blog: https://blog.lastpass.com/2016/07/the-411-on-the-password-black-market.html

It’s no secret that passwords are becoming more and more valuable. It seems like every new day brings a new breach involving hundreds of thousands or millions of passwords. While you’re probably aware of this threat, you may not be sure why you’re at risk, and even what it means for your accounts. Do you really need to worry about every single breach? What can hackers really do with your passwords anyway?

Here’s what you need to know about the black market for passwords http://www.theatlantic.com/technology/archive/2016/02/the-black-market-for-netflix-accounts/462321/ and what you can do to protect your passwords and personal information.

How passwords are stolen

The term ‘black market’ for passwords gets mentioned here and there when a data breach makes the news. It might sound far-fetched, but the truth is that on both publicly-available websites and the dark web there are stolen passwords available for sale. These are usernames and passwords that hackers obtain and sell to those who want cheap access to online services, or who may have more nefarious intentions by using them as a foothold into someone’s online identity. There are many ways attackers might try to infiltrate your online accounts and steal your passwords. Here are some of the most common methods:

In phishing attempts, a fake sender pretends to be contacting you from a reputable company where you have an account, such as Netflix or even your credit card. They’ll ask you to update your account information, like resetting your password. When you follow their links to do so and enter your username and password, it goes right into a hacker database and is usually made available for sale.

Another type of social engineering attack (meaning the user engages with the hacker to give up information) is pretexting. This entails a hacker reaching out to users and leveraging some piece of personal information to then encourage the user to give up even more information about themselves.

It seems like a no-brainer, but when you write down passwords on paper and leave them near your desk, anyone can take that information. Whether it’s someone at work, a burglar who breaks into your home, or someone who steals your phone, those passwords contain sensitive information that you don’t want in the hands of the wrong people.

Brute-force attacks occur when a hacker systematically and methodically attempts to guess all versions of a password until finding the correct one. This is a clear case where having a longer, more complicated, and random password is advantageous to protecting your account.

Data breaches can occur on a small or large scale, and usually occur when a database for a company, such as Target or Omni Hotels http://www.wsj.com/articles/omni-hotels-warns-of-data-breach-1468010853, is compromised. Usually attackers either gain direct access to the database to steal personal information directly, or they install malware on machines that then captures account information that is sent back to the hacker. Data leaks also happen when corporate devices like laptops or cell phones are lost or stolen, or when paperwork is mishandled.

Why passwords matter

Even if your account doesn’t include access to cash or credit card numbers, it’s still extremely valuable and you don’t want it in the wrong hands. It’s likely the account includes information that a hacker could use to access other accounts via a pretexting or phishing attack, such as family members’ names (from your Netflix profiles), common running routes and your home address (from activity tracking apps like FitBit), home zip code (available in most apps), and much more. Passwords for services like Spotify Premium and Netflix may sell for as little as $0.25 http://www.digitaltrends.com/home-theater/netflix-black-market/ on the black market as people want cheap access to online services.

If that doesn’t convince you that you shouldn’t use any ‘throwaway’ passwords, this will. Consider the LinkedIn breach back in 2012; those passwords are still being sold http://money.cnn.com/2016/05/19/technology/linkedin-hack/ on the black market. You likely changed your LinkedIn password at the time of the breach, but if you used your original password for other accounts, hackers who buy the stolen credentials may now find the other sites where you used that password (think brute-force, password-reuse attacks) and be able to get into the account. That’s one good reason to never reuse passwords.

How to protect your passwords

The news of so many threats can be overwhelming, but there are a few important steps you can (and should) take to prevent your password from being stolen and sold on the black market.

First off, use a unique password for every account, regardless of how sensitive you feel the information in your account is. When you have a separate password for every account, if one of your accounts is hacked and someone tries to sell or leak your password, the person who may purchase them will not be able to use that password to get into any of your other accounts. If you have trouble with that, a password manager like LastPass can remember and generate them for you.

Second, set up multifactor authentication on your accounts wherever it’s possible. Let’s say one of your passwords is stolen and put up for sale on the black market. If you have multifactor authentication on that account, the person who buys your password will not be able to access the account because it requires a second form of identification or authentication that is tied to your phone or email.

Just as hackers are becoming more savvy in stealing and selling passwords, we too must become more savvy in protecting our information. If you don’t use a password manager yet, you can get started for free with LastPass https://lastpass.com/how-it-works/ in just a few minutes. This allows you to easily create and manage unique passwords because LastPass remembers those passwords for you. Already using LastPass? Try the Security Challenge https://helpdesk.lastpass.com/lastpass-security-challenge/ to identify and change your reused passwords and set up two-factor https://blog.lastpass.com/2015/01/the-one-thing-you-can-do-right-now-to-be-more-secure-online-multifactor-authentication.html/ authentication for your LastPass account.


Japan Issues Pokémon Go Safety Guidance

As Japan sees the official in-country launch of the augmented reality game Pokémon Go http://www.databreachtoday.com/pokemon-go-mayhem-privacy-muggings-malware-a-9256, the government's cybersecurity organization has issued a related, nine-point safety and privacy http://www.inforisktoday.com/privacy-c-151 guide.

Read the story on Data Breach Today:


The warnings come after reports that some users have faced robbers, been hit by cars and even been shot at by suspicious homeowners. Meanwhile, the U.K. Coast Guard has documented what appears to be the first case involving teenagers stealing a rowboat to chase a rare Pokémon across a lake.

Japan's National Center of Incident Readiness and Strategy for Cybersecurity, which reports to the Japanese government's cabinet, issued the safety guide http://www.nisc.go.jp/active/kihon/pdf/reminder_20160721.pdf via its website as well as Twitter. The organization says the guidance - covering everything from watching for trains and heatstroke to carrying backup power supplies and having a fallback communications strategy - applies to adult and child players alike.

"Please pass this on to people around you, especially to children, so everyone can enjoy the game, and play it safely," NISC tweeted https://twitter.com/nisc_forecast/status/755720522546106369 on July 20. Japan's NISC cybersecurity agency issues 9-point safety guide for Pokémon users.

The guidance comes as the popularity of Pokémon Go - a game in which players chase virtual creatures in real-world locations - continues to explode. The concept is based on the trading-card game Pokémon, short for pocket monsters, that was first released in Japan in 1996.

Twenty years later, Nintendo, working with software developer Niantic - a spin-off from Google - and Japanese consortium The Pokémon Company, has released an augmented reality version of the game, which so far has been rolled out in 35 countries, including Australia, Britain, Canada and the United States, which as of July 18 had 21 million active Pokémon Go users.

On July 22, the game was officially released in Japan. The rollout has been delayed because of Niantic prepping additional server capacity after details of McDonald's sponsorship of the game https://www.theguardian.com/technology/2016/jul/20/pokemon-go-japan-launch-delayed-mcdonalds-sponsorship-gyms leaked. With the game's launch, McDonald's has announced that 3,000 of its fast-food locations have been turned into virtual gyms where Pokémon players can do virtual battle to earn "PokéCoins" virtual game currency. But according to an alleged memo http://krsw.2ch.net/test/read.cgi/pokego/1468943731/31 between the fast-food chain and the game makers, after the surge of interest following the leaked McDonald's sponsorship report, they worried that existing demand would exceed capacity, and delayed the rollout.

Players Face Real-World Hazards

As Pokémon Go launches in Japan, officials are clearly cognizant of the risks of users staring at their smartphones while attempting to navigate a variety of privacy as well as outdoor hazards.

NISC's guidance urges users to employ "cool names that are different from real names" as well as to beware of fake versions of Pokémon Go designed to sneak malware onto their devices. Authorities also recommend all users carry backup power supplies and that children have a fallback communications plan in case their smartphone runs out of power. The guidance also recommends users pack plenty of water, watch for signs of heatstroke and avoid "dangerous zones" when chasing virtual creatures.

To date, Pokémon Go users in other countries have already faced a variety of real-world hazards. Some players have been shot at by a Floridian homeowner https://www.facebook.com/notes/flagler-county-sheriffs-office/pok%C3%A9mon-go-hunters-shot-at-this-morning-in-palm-coast/629038090604393 , fallen off a cliff http://www.latimes.com/local/lanow/la-me-ln-pokemon-go-players-stabbed-fall-off-cliff-20160714-snap-story.html or been hit by a car http://pittsburgh.cbslocal.com/2016/07/13/tarentum-teen-hit-by-car-while-playing-pokemon-go/ .

Meanwhile, the U.K. Coast Guard http://hmcoastguard.blogspot.co.uk/2016/07/have-fun-catching-pokemon-but-be.html on July 19 reported that it had been dispatched "to investigate reports of a group of twenty youths taking a rowing boat without permission to chase a Pokémon across New Brighton marine lake." The coast guard reported that when it arrived, the teenagers had already left.

To date, thankfully, there have been no reports of Pokémon Go leading to fatalities.

Investors Chase Nintendo's Stock

No one knows if the Pokémon Go hype will hold, potentially heralding a new age of gaming in which children desert living rooms en masse to chase virtual creatures outdoors. By every measure, however, the game so far continues to be a smash success. That includes the value of Nintendo's stock price, which has gained $18 billion since Pokémon Go was first released on July 6. On Tuesday, $6.6 billion in shares were exchanged - worth more than the combined turnover seen that day on the stock exchanges of Australia, Germany, Hong Kong and Switzerland, Bloomberg reports.

Meanwhile, analysts estimate that Apple could earn $3 billion in revenue from Pokémon Go within the next two years, thanks to users purchasing PokéCoins via the app store, the Guardian reports.

"We believe Apple keeps 30 percent of Pokémon Go's revenue spent on iOS devices, suggesting upside to earnings," Needham & Company brokerage analyst Laura Martin https://www.theguardian.com/technology/2016/jul/21/apple-to-make-3bn-in-revenue-from-pokemon-go wrote in a July 20 client note, Reuters reports. Apple's stock price, meanwhile, has increased by 5 percent in value since the release of the game.

"It's been nuts," Andrew Clarke http://www.bloomberg.com/news/articles/2016-07-20/traders-chasing-pokemon-dream-now-battle-over-nintendo-s-value, Hong Kong-based director of trading at Mirabaud Asia Ltd., tells Bloomberg. "The hype over the game is huge. There's been nothing like this since ... I can't remember really."

*This story has been updated to reflect the July 22 launch of Pokémon Go in Japan.*

131 Cyber Security Tips that Anyone Can Apply

*Looking to sink your teeth into some good security tips you can actually apply?*

Today’s collection of action-ready cyber security advice might be just what you need.

There are no fewer than 131 ways in which you can improve your online safety and they’re all FREE to use and apply.

You’ll be surprised by the things you can do to better secure your data! All it takes is spending some time reading the right things and adjusting a few settings.

Applying these security tips feels just as good as digging into a plate of hot, fluffy, syrupy pancakes. Seriously, you have to try it!

Cyber Security Tip #1: How to be realistic about your online presence

Understand that you’re an attractive target for cyber criminals.

If you have money (doesn’t matter how much), data (usernames, passwords, documents, emails, etc.) or a place to work, you’re going to be targeted.

It’s not even personal, as cyber criminals automate most of their attacks.

Don’t ever say “it can’t happen to me.”

Cyber Security Tip #2: The basics of safe online shopping

Online shopping safety: never do it from a device that isn’t yours or on a network you don’t own.

Your data could be copied and harvested by cyber criminals.

Make sure you’re the only one spending your money by:

  • Using a safe network
  • Employing strong passwords (password managers FTW!)
  • Being careful about which websites you shop at
  • Never saving your card details in an online account
  • Verifying your transactions weekly to make sure there’s nothing fishy going on.

Want more tips? Get them here: All the Actionable Tips You Need to Safely Shop Online https://heimdalsecurity.com/blog/ultimate-guide-shopping-online-safely/.

Cyber Security Tip #3: Should you plug that in?

Be careful what you plug into your computer.

Never use a USB whose source you don’t know! It can be infected with malware that can even resist formatting.

Don’t let curiosity get the best of you.

Cyber Security Tip #4: Who’s that friend request from?

Facebook friends or foes?

Cyber criminals often create fake profiles to befriend you. The ultimate goal is to get you to leak confidential data to them (either about you or the company you work for). Be careful of the friend requests you accept.

Trust no Facebook friend (unless you know them in real life and you’re absolutely, positively sure they can be trusted).

Cyber Security Tip #5: How to protect your passwords in real life

Who’s looking over your shoulder?

*Did you know that bystanders or co-workers can steal your passwords only by peeking at what you’re typing?*

This is especially true if your passwords are as easy as 123456 (please change them if it’s the case).

Take a look around and make sure everything’s safe before typing a password. Also: NEVER share your passwords. Ever.

Cyber Security Tip #6: You still need antivirus (yes, really)

Get protection for your connection!

Do a bit of research and choose an antivirus you trust. Paid is better than free. Antivirus is still very necessary, so don’t skip it.

How to do it: What Is the Best Antivirus for My PC? A Step-By-Step Research Guide https://heimdalsecurity.com/blog/what-is-the-best-antivirus/.

Cyber Security Tip #7: Get your 2-FA on

Use 2-factor authentication everywhere you can. Set it up to receive authentication codes via SMS or on an authenticator app.

Moar layers = moar securiteh!

How to do it: Why You Should Start Using Two-Factor Authentication Now http://heimdalsecurity.com/blog/start-using-two-factor-authentication

Cyber Security Tip #8: Keep it in check

Check your bank statements on a weekly basis (your online banking can help you do that easily).

Look for suspicious activity and, if any, alert your bank, change all passwords related to that account and make sure to activate every security measure available.

Financial malware https://heimdalsecurity.com/blog/online-financial-security-guide/ lurks just around the corner.

Cyber Security Tip #9: Lock it up

Never leave your laptop/smartphone/tablet unlocked while you’re away.

Don’t make it so easy for anyone to get into your system.

Set up a password for your account asap (it’ll only take 2-3 minutes).

Cyber Security Tip #10: How to protect what matters

Prioritize your most sensitive accounts.

Here’s a quick list:

  • Email
  • Online banking / Paypal
  • Amazon / other ecommerce website you use
  • Any account where you’ve put in your card details
  • Any account that has sensitive info (social security number, address, phone no., etc.).

Secure them with strong passwords + two-factor authentication.

Make it as difficult as possible for anyone other than yourself to access them.

Be a cyber security ninja!

Cyber Security Tip #11: Cleaning out your closet

Here’s a tip that applies to both your wardrobe and your apps: if you haven’t used it in the past 6 months, it should go.

Clean out old apps https://heimdalsecurity.com/blog/spring-cleaning-remove-old-software-makes-pc-vulnerable/ you don’t use to get rid of vulnerabilities that cyber criminals can exploit.

Keep it fresh!

Cyber Security Tip #12: A cure for your Internet addiction

How badly do you need to use someone else’s computer?

You can never know if someone else’s computer is infected with malware, has a keylogger (that tracks and stores everything you type on the keyboard) or is simply unsafe.

Stick to your own devices as much as possible.

Cyber Security Tip #13: Trace your digital steps

Do an inventory of your digital footprint.

Step 1: Make a list of online accounts. Step 2: Set strong passwords for them. All of them. Step 3: Delete the accounts you haven’t used in the past 6 months.

Decluttering feels goooood!

Cyber Security Tip #14: Why paranoia can be good

It’s okay to be (a little) paranoid.

Being aware of what’s going on, online and offline, can help you keep safe from compromise. Simple rules to live by online: If it sounds/looks too good to be true, it’s probably not true. If it looks fishy, better stay away. If someone asks for your confidential data, don’t give it to them.

In small doses, paranoia is a good thing.

Cyber Security Tip #15: Ulterior motives

LinkedIn recruiter or attacker in disguise?

Cyber criminals often create fake LinkedIn profiles to gain access to details about you that they can use later. They collect data about your studies, names of employers and connections, etc.

Check out their profiles before accepting their connection request. Warning signs to look for:

  • too little, generic info
  • picture that looks like stock photography
  • very few connections.

Cyber Security Tip #16: How to automate software updates for free

*Did you know that updating your apps can prevent 85% of targeted attacks?* (According to US-CERT http://www.zdnet.com/article/in-patches-we-trust-why-software-updates-have-to-get-better/#ftag=RSSbaffb68 .)

Rule of thumb: keep your operating system and your applications up to date. All. The. Time. No exceptions!

*Don’t have time / don’t feel like dealing with constant updates for your apps?* Get Heimdal FREE http://heimdalsecurityagent.com/en/products/heimdal-free and let it do it for you.

Update me, baby, one more time!

Cyber Security Tip #17: Beef up your passwords

One of the key pieces of advice that all cyber security specialists give is so simple it’ll blow your mind:

Never, ever (ever, ever, ever!) reuse passwords!

And don’t think that choosing “password123” and “passwords1234” means you’re doing it right.

This is what a good password looks like (but don’t use this one): c.*%7(:wQ,28{T^7

Online password generator: https://identitysafe.norton.com/password-generator/

Check your passwords’ strength: https://howsecureismypassword.net/

Can’t remember them? (Of course you can’t. I can’t either.) Use a password manager.

Cyber Security Tip #18: Be wary of social engineering

Social engineering is quite big with cyber criminals.

What it is: a type of psychological manipulation to get people to bypass normal security procedures or divulge confidential information.

How it can happen:

  • At home: someone pretending to be from your bank can call to ask you for your online banking password via a link provided by that person. Your password could be harvested and then used to empty your account.
  • In the workplace: a contractor your company works with asks for private company information that grants access into your system.

In both cases, your answer should be a big, fat NO. Check with your boss and double check info directly with any company/institution before providing any confidential info.

Cyber Security Tip #19: Ransomware 101

Ransomware is one of the biggest cyber threats out there. It encrypts ALL your data and locks you out. It also asks for a ransom, typically between $200 and $500, to give you the decryption key.

To protect yourself against ransomware, do this:

  • Do frequent data backups (in multiple locations)
  • Don’t keep vital information only on your computer
  • Never access .zip attachments in e-mails from unknown senders
  • Don’t click links in e-mails from unknown senders
  • Keep your OS and apps up to date at all times
  • Use a reliable antivirus
  • Add another layer of security with a product that protects you from attacks that antivirus can’t block (Heimdal PRO https://heimdalsecurity.com/en/products/heimdal-pro is an option).

Wanna know more? Check out this anti-ransomware protection guide https://heimdalsecurity.com/blog/what-is-ransomware-protection/.

Cyber Security Tip #20: Too good to be hacked

A lot of people think:

“I don’t need security programs because I don’t access unsafe locations.”

First of all, even legit websites can be compromised. Second of all, there are plenty of attacks that happen without user action (aka clicking on something, downloading data, etc.) – they’re called drive-by attacks. Third, even if you were a cyber security expert, there are still plenty of vulnerabilities that attackers can exploit to get to you.

To be safe online is quite similar to driving your car. You may have common sense and pay attention to potential dangers, *but can you always predict what others are doing around you, in traffic?*

Don’t think you’re too good to be hacked. You’re not. No one is. (Sorry to burst your bubble there.)

See the source post with the remaining free Cyber Tips from Heimdal Security here:


Fwd: Ransomware Tips: Fighting the Epidemic

Kaspersky's Vitaly Kamluk Shares Insights on Protection, Regional Trends

Ransomware has fast become a chronic issue globally, and the impacts are being felt in Southeast Asia. In India, for instance, while there isn't much reporting happening, it is common knowledge that government and BFSI institutions are hot targets. Ransomware is popular with cybercriminals because it often leads to easy money. Enterprises find it expedient to pay a small ransom and make the problem go away, rather than suffer business downtime.

Vitaly Kamluk, Kaspersky Lab's director of the global research and analysis team in APAC, argues that paying the ransom is a bad idea. It can be bad for the ecosystem, reinforcing the cybercriminal business model. And it can also be bad for the enterprise, where instances of more ransom demands are not unheard of, he says. In some cases, the keys are never shared (see: *Ransomware: Is It Ever OK to Pay?* http://www.inforisktoday.asia/ransomware-ever-ok-to-pay-a-9036).

"Ransomware is a very common and emerging problem in the whole of Southeast Asia and in India specifically," Kamluk says in an interview with Information Security Media Group. "In fact, according to Kaspersky sensors, India has the highest number of infections for TeslaCrypt - one of the most popular ransomware variants."

Encryption-based http://www.inforisktoday.asia/encryption-c-209 ransomware is the bigger threat, because these attacks use cryptographic algorithms that are not breakable at the moment, he says. The secret key used by the ransomware is critical to decrypt victim data. While security companies have sometimes been able to find vulnerabilities in the implementation of crypto-algorithms in the malware, leading to a possibility of decrypting the data without knowing the key, this is only in the case of specific symmetric encryption, he says. In cases where the more advanced asymmetric encryption is used, decryption without the key is not possible (see: *Phishing, Ransomware on the Rise* http://www.inforisktoday.asia/phishing-ransomware-on-rise-a-8955#.VuFsBhZawoI.twitter ).

In such cases, collaboration with law enforcement and ISPs has been successful, with law enforcement authorities taking down the servers being used by cybercriminals and then allowing security players like Kaspersky access to the hard drives to extract keys. Some public decryption is now possible due to this and cases such as the TeslaCrypt ransomware, where the keys have been released to the public by the authors. Free tools have been built to help decrypt data where such crypto keys are publicly available, he says.

Of course, prevention is always better, and some easy steps can be followed to minimize exposure. Ensure that proper awareness training is given to employees on the risks and attack vectors used by ransomware, Kamluk advises. Use a good AV product and also ensure that your system is up to date. If your systems are not patched and updated, you could still get infected even when visiting a trusted site through malicious injections in the ad-banner networks that can lead to an automatic compromise (see: *No-Brainer Ransomware Defenses* http://www.inforisktoday.asia/interviews/no-brainer-ransomware-defenses-i-3227 ).

"Cybercriminals are relying on the fact that users are lazy and don't update their systems. That is why many vulnerabilities that have been patched are still working and can be exploited to compromise systems," he says.

In this interview, Kamluk http://www.inforisktoday.asia/compromised-rdp-server-tally-from-xdedic-may-be-higher-a-9218 shares tips and techniques to better protect against the prevalent ransomware attack trends in the region. He also shares broader insight on the Asian security landscape, commenting on:

  • Attack trends and types of threat actors;
  • Attacker motivation and changing landscape;
  • Emerging threats to prepare for.

Kamluk is Kaspersky Lab's director of the global research and analysis team in APAC and has been involved in malware research at the firm since 2005. In 2008, he was appointed senior anti-virus expert, before going on to become director of the EEMEA Research Center in 2009. He spent a year in Japan focusing on major local threats affecting the region. In 2014, he was seconded to the INTERPOL Global Complex for Innovation in Singapore, where he works in the INTERPOL Digital Crime Center specializing in malware reverse engineering, digital forensics and cybercrime investigation. He remains a principal security researcher at Kaspersky Lab.

Read the source post on Data Breach Today:


Hospitals and Ransomware: The Temptation to Pay

Some healthcare entities may be more likely than organizations in other sectors to pay extortionists to unlock data that's been encrypted in ransomware http://www.healthcareinfosecurity.com/anti-malware-c-309 attacks because patients' lives are potentially at risk if data is unavailable, says privacy http://www.healthcareinfosecurity.com/privacy-c-151 and security expert Kate Borten.


"Even though law enforcement would say 'don't pay, these guys are criminals, and we don't want to encourage criminal behavior, and you can't trust them,' ... the reality is that this is a business decision, and each organization needs to consider what the impact is," says Borten, founder and president of consulting firm The Marblehead Group.

"In healthcare, for provider organizations, the ultimate [consideration] is patient care, and if the attack has the potential to affect care of patients, then I think we see hospitals ... paying the ransom in some cases."

For example, Hollywood Presbyterian Medical Center http://www.healthcareinfosecurity.com/ransomware-hits-hospitals-a-8872 in February said it paid attackers about $17,000 in bitcoin to unlock patient data after a ransomware scheme.

Healthcare entities need to keep in mind that there are other potential threats posed by ransomware beyond locking up patient information, Borten notes. "We can never assume that all it's doing is simply encrypting http://www.healthcareinfosecurity.com/encryption-c-209 the data. That might be what we see because we can't get to our files, but there may be much more going on."

Organizations can avoid having to make a difficult decision about whether to pay a ransom after an attack, Borten says, if they take appropriate defensive precautions, such as properly backing up data to ensure availability.

In an interview at the Boston Fraud and Breach Prevention Summit http://events.ismgcorp.com/event/fraud-breach-prevention-boston-2016/?rf=trending, Borten also discusses:

Before founding The Marblehead Group http://marbleheadgroup.com/, Borten led the enterprisewide security program at Massachusetts General Hospital in Boston and established the first information security program at Beth Israel Deaconess Medical Center and its parent organization, CareGroup, as its CISO.

Read the source post by Data Breach Today


Databases from Hot Scripts, Mac Forums, Web Hosting Talk Surface on the Dark Web

Almost 1.7 million users affected by latest breaches

A hacker who goes by the name of uid0 claims to have breached three websites belonging to Penton Technology: Hot Scripts, Mac Forums, and Web Hosting Talk.

The hacker is now selling the data through The Real Deal Dark Web marketplace, like many other hackers have done before him.

vBulletin zero-day?

In an encrypted conversation with your reporter, the hacker claims that he was able to obtain full database dumps from all three websites. This includes user records, private messages, site content, hashed and salted passwords.

Two of these websites, Mac Forums and Web Hosting Talk, run on the vBulletin forum platform. The hacker claims that he's in possession of a vBulletin zero-day, which allowed him access to these two sites.

It is currently unclear how the hacker breached the Hot Scripts service but shared servers might explain how he was able to acquire this service's database. This scenario is only unconfirmed speculation since Penton has yet to respond to Softpedia's request for comments.

Hacker leaks data for nearly 1.7 million users

According to uid0, the Mac Forums database contains the private details of over 291,000 users, the Hot Scripts database comprises details of over one million users, and the Web Hosting Talk data dump contains details on over 400,000 users.

The hacker is asking for 1.2 Bitcoin (~$800) for the Mac Forums database, and 3 Bitcoin (~$2,000) for each of the Hot Scripts and Web Hosting Talk databases.

In recent months, several database dumps belonging to LinkedIn, Tumblr, and MySpace have surfaced years after hackers breached those services. The hacker claims to have breached and dumped the data this year, in 2016.

Your reporter was not able to verify the validity of the hacker's data because uid0 deferred the release of sample data to a later date. On the Dark Web marketplace, the seller has a 100% positive feedback, meaning previous buyers have not complained about fake data.

Softpedia has also reached out to vBulletin regarding the hacker's claim to be in possession of a zero-day vulnerability.

Affected users should reset passwords ASAP

Users of these three services are advised to reset their passwords as soon as possible to avoid having their accounts compromised.

If they used the same username-password combo on other sites, they should change those credentials as well, since crooks have started to launch brute-force attacks on accounts on other sites using previously compromised credentials. One such service that has seen this kind of attack is GitHub. Netflix and Facebook have taken special steps to prevent similar incidents.

Additionally, many of today's CEOs have had various social media accounts hacked using this type of method. The most famous case is Mark Zuckerberg, who had his Twitter and Pinterest accounts hacked because he used the same password he employed for his LinkedIn account, which was included in the recent publicly disclosed breach, also available for sale on the Dark Web.

Read more: http://news.softpedia.com/news/databases-from-hot-scripts-mac-forums-web-hosting-talk-surface-on-the-dark-web-506129.shtml#ixzz4E71deqQV


Mac-Forums, Hot Scripts, and Web Hosting Talk databases for sale

Three websites owned by Penton Technology, acquired in 2015 as part of the purchase of iNET Interactive – MacForums.com, HotScripts.com, and WebHostingTalk.com – have been compromised and their databases are now being sold on the Darknet.




On TheRealDeal website, a vendor with a solid reputation is offering the Mac-Forums database for ~$775.00, which includes 291,214 accounts.

The Hot Scripts database, with more than a million users, is currently going for ~$1,900.00.


The Web Hosting Talk database, with 498,321 users, is also available for ~$1,900.00.

Salted Hash has reached out to Penton Technology for additional details and comment. We'll update this story should they respond. For now, if you have an account on one of these websites, you should change your password.

Earlier this morning, Salted Hash reported the news that a number of Apple IDs have been compromised, leading some to speculate that there's been a breach at Apple. However, while a breach isn't confirmed – it's just a rumor at this point – what is verifiable is the trend of Apple devices being held for ransom.

It's possible that many of the ransom victims have been recycling their Apple ID credentials on other websites that have been compromised such as LinkedIn, or more recently Mac-Forums or Hot Scripts.

Source: http://www.csoonline.com/article/3093018/security/mac-forums-hot-scripts-and-web-hosting-talk-databases-for-sale.html


MailEdge.net Global Infrastructure and MX Records

Our spam services by way of http://www.MailEdge.net are powered and hosted in multiple datacenter locations across the globe, supported by our partnership with i3D.net.

Priority Balanced MX Records for our service offerings - reinforced by i3D.net network infrastructure.

i3D.net Company Information

i3D.net is a managed-hosting provider based in Rotterdam, the Netherlands, serving over 31,000 customers on 10,000 i3D.net servers in 16 data-center locations worldwide. i3D.net was founded in 2004 in Rotterdam and enjoys a long tradition of award-winning company growth: It is listed in the Deloitte Technology Fast 500 as the fastest growing hosting company in the Benelux and it is the winner of the FD Gouden Gazellen award as fastest growing profitable company in 2009-2012. The i3D.net team of highly-skilled technical engineers provides online infrastructure services and managed-hosting solutions to a broad range of organizations. Customers from the government, education, health care, sports, gaming, web-shop, hosting and print-/about/ sectors are currently being supported by i3D.net services. i3D.net owns data centers and over 10,000 servers worldwide, we are a fast-growing and financially solid organization. We are AA rated as measured by independent financial institutions. i3D.net is certified and audited annually on the CDSA (Content Protection & Security) certification.

i3D.net Datacenters

In 2009, i3D.net founded a flagship data-center in Rotterdam, the Netherlands, which has grown into the largest Rotterdam internet exchange: SmartDC. The data center is 36,000 ft² in size and has a power capacity of 12 MW. The SmartDC datacenter is located in the monumental Van Nelle plant in Rotterdam which is on the UNESCO World Heritage tentative list.

SmartDC is well known for its unique suite concept featuring private cages and suites built as a datacenter in a datacenter. Every suite is a stand-alone data center with dedicated cooling, power breakers, security measures and fire suppression. SmartDC builds and operates these suites. The SmartDC data centers are ISO/IEC 27001 and CDSA (Content Protection & Security) certified and yearly audited.

The data center was built to offer Tier-3+ specifications with N+1 cooling, N+1 uninterruptible power supplies (UPS), N+1 generators and two transformers providing 23,000 Volt mains power for a total potential power usage of 12 MegaWatt (MW). The meet-me-room (MMR) provides connectivity to Tier-1 and Tier-2 carriers.

i3D.net Network

We operate a large internet ‘backbone’ across Europe and the United States which is connected to over 1,600 peers on the world’s largest internet exchanges: AMS-IX, DE-CIX, LINX, NL-ix, PLIX, NoVA and multiple tier-1 providers such as Level3, NTT, DTAG. The i3D.net network uses AS49544 and provides a capacity of 435 Gigabit/s. The core network architecture is MPLS-based and runs on Brocade MLXe core routers.


i3D.net winner of Gouden Gazellen

In November 2012, i3D.net won the Financieele Dagblad Gouden Gazellen for fastest growing profitable company in South-Holland. Our company is also ranked for the 4th year in the Deloitte Fast 500 EMEA for fastest growing technology companies.

i3D.net facts

  • Owns and operates over 10,000 servers
  • Provides datacenter housing to colocation servers
  • 16 locations worldwide
  • 24/7 technical support
  • Certified professionals
  • Ranked among the Deloitte Fast500 of fastest-growing technology companies
  • Winner of the Financieele Dagblad ‘Gouden Gazellen’ award
  • CDSA audited on Content Protection & Security
  • ISO/IEC 27001 audited datacenters
  • Member of the Dutch Hosting Provider Association (DHPA)
  • The i3D.net management has over 10 years of experience in the industry

SpamExperts | MailEdge.net Top Software Updates 2nd Quarter 2016

June is coming to an end and so is the second quarter of 2016, meaning that it’s time for another Software Updates blog post. We’ve been hard at work adding new features and improving old ones, implementing new ways to combat spam, phishing attempts, and other such hazards.

Before we go in-depth, talking about what’s new in our software, Frontend/GUI, and Plugins & Integration, we want to thank our awesome development team for the great updates this quarter.

Archive Indexing Upgrades

The SpamExperts email archiving product allows searching within not just the text content in emails, but also the message headers, text found in images attached to messages, and text in PDF and Microsoft Word attachments. Via the Control Panel, clients can now disable and re-enable indexing of each type of content via the archive “Settings” page for each domain.

Custom Cluster Configuration

We have implemented new capabilities in the way we support server roles within the cluster. We now allow the use of multiple logging servers or quarantine servers when needed. This is especially useful on large clusters that use multiple servers for a single role to help with the logging and quarantining tasks.

SSO for LDAP

As of June, we have added the possibility to use SSO against an LDAP server. Basically, what this entails is that email users can log in to the web interface using their credentials in the company’s own internal system, by authenticating against an LDAP server.

For more information about LDAP authentication, please check this article: https://my.spamexperts.com/kb/738/LDAP-Syncronization.html

UI Improvements

Upgraded Attachment Restrictions Page

The “Attachment Restrictions” page has received a few new features that will improve the user experience, such as the option to block potentially unwanted attachments and those messages that contain many defects. To better convey the functionality of the “Block dangerous attachments” option, we renamed it to “Block attachments that contain hidden executables”.

Furthermore, we’ve reorganised the “Blocked Extensions” section, so that it’s easier to work with.

Locking Senders from the Control Panel

SpamExperts clients can now immediately lock a problematic user directly from the web interface, so that the user can't do any more damage while the client contacts them to resolve the problem.

For a step-by-step tutorial, please refer to our Knowledgebase article https://my.spamexperts.com/kb/731/Outbound-Spam-Monitoring.html (check the chapter “Locking senders based on the Identity header within the Control Panel”).

New/Updated Features

Verify Domain Ownership

We’ve created a new method to verify ownership of a domain without implying that the control panel gives access to all domain-level users. For the incoming filter, it’s pretty straightforward, but for outgoing, things got a little bit trickier. The new method simply lets a user (at domain level or higher) demonstrate that they control the DNS for a domain, by adding a simple CNAME record. This functionality is found on the dashboard in the “Domains” section, under “Domain ownership”. In later updates, we will be making use of this functionality to provide secure and private access to the outgoing filter users’ mail at levels lower than super-user.

Select Archived Message Download

There’s a new feature available for users to easily download a range of messages that match whatever search criteria they choose. The download will happen in the browser, and users will be delivered a .zip archive that contains the message in the standard RFC 5322 format. It’s the most convenient method of retrieving specific messages quickly, rather than using the more complex export functionality to get the bulk of messages, all at once.

Exposed Statistics Page at the Admin Level

The “Manage Admins” page in the web interface has been updated to show admins and their sub-admins. A super-admin will be able to see a list of all admins and their related sub-admins in the cluster.

Plugins and Integration

We have added documentation for a new plugin with HostBill, a leading Billing & Automation platform. Check this article https://my.spamexperts.com/kb/763/HostBill-Integration.html for details. Our partners at HostBill have provided the integration and are currently maintaining it to be as smooth as possible. The integration is aimed at two user levels, Reseller and Single User.

Significant improvement updates have been added to the APS 2.0 add-on, which can be viewed in the public GitHub https://github.com/SpamExperts/aps2-addon/blame/master/src/APP-META.xml.

We constantly seek new ways to maintain our products and deliver industry standard software and service. Any feedback is welcome as we aim to provide a tailored user experience for our clients, whilst effectively combating spam.

What is Spam and a Phishing Scam - Definition

*Spam is a form of electronic junk mail sent en masse to users. While annoying in its own right, it can potentially be very dangerous if part of a larger phishing scam. Phishing scams are a form of cybercrime that involves defrauding users by acting as legitimate companies or organizations in order to obtain sensitive information such as passwords and login credentials.*

Spam is the electronic equivalent of the ‘junk mail’ that arrives on your doormat or in your postbox. However, spam is more than just annoying. It can be dangerous – especially if it’s part of a phishing scam.

Spam emails are sent out in mass quantities by spammers and cybercriminals https://usa.kaspersky.com/internet-security-center/threats/cybercrime that are looking to do one or more of the following:

  • Make money from the small percentage of recipients that actually respond to the message
  • Run phishing scams – in order to obtain passwords, credit card numbers, bank account details, and more
  • Spread malicious code onto recipients’ computers

How to protect yourself against spam email and phishing

Here are some useful tips – from Kaspersky Lab’s team of Internet security experts – to help you reduce the amount of spam email you receive:

  • Set up multiple email addresses: It’s a good idea to have at least two email addresses:
    • Private email address: This should only be used for personal correspondence. Because spammers build lists of possible email addresses – by using combinations of obvious names, words, and numbers – you should try to make this address difficult for a spammer to guess. Your private address should not simply be your first and last name – and you should protect the address by doing the following:
      • Never publish your private email address on publicly accessible online resources.
      • If you must publish your private address electronically, try to mask it – in order to avoid having the address picked up by spammers. For example, ‘[email protected]’ is an easy address for spammers to find. Try writing it as ‘Joe-dot-Smith-at-yahoo.com’ instead.
      • When you need to publish your private address on a website, it’s safer to do this as a graphics file rather than as a link.
      • If your private address is discovered by spammers – you should change it. Although this may be inconvenient, changing your email address will help you to avoid spam.
    • Public email address: Use this address when you need to register on public forums and in chat rooms, or to subscribe to mailing lists and other Internet services. The following tips will also help you to reduce the volume of spam you receive via your public email address:
      • Treat your public address as a temporary address. The chances are high that spammers will rapidly get hold of your public address – especially if it is frequently being used on the Internet.
      • Don't be afraid to change your public email address often.
      • Consider using a number of public addresses. That way you’ll have a better chance of tracing which services may be selling your address to spammers.
  • Never respond to any spam: Most spammers verify receipt and log responses. The more you respond, the more spam you’re likely to receive.
  • Think before you click ‘unsubscribe’: Spammers send fake unsubscribe letters, in an attempt to collect active email addresses. If you click 'unsubscribe' in one of these letters, it may simply increase the amount of spam you receive. Do not click on 'unsubscribe' links in emails that come from unknown sources.
  • Keep your browser updated: Make sure that you use the latest version of your web browser and that all of the latest Internet security patches have been applied.
  • Use anti-spam filters: Only open email accounts with providers that include spam filtering.


'Resume' Spam Used to Spread CryptoWall 3.0 Ransomware

“*Hello, my name is XXXXX. Resume attached. I look forward to seeing you. Sincerely yours, XXXXX*”

With a short, simple message sent via email, a curious recipient could be lured to look into and access an attachment that was designed to look like a resume. And with one click of a download button, the recipient's system can be infected with ransomware. The method used may be simple, but the effect could be crippling.

A new spam run was recently spotted involving a ransomware-carrying attachment (on ransomware, see http://www.trendmicro.com/vinfo/us/security/definition/ransomware#The_Evolution_to_CryptoLocker). The scheme invites the recipient to download and view the sender’s resume (my_resume_pdf_id_1422-7311.scr), which leads to the execution of a malicious file. Once downloaded and executed, the affected system is locked down and displays a message that notifies the victim that the files are encrypted with RSA-2048 https://en.wikipedia.org/wiki/RSA_(cryptosystem) using CryptoWall 3.0 http://blog.trendmicro.com/trendlabs-security-intelligence/cryptowall-3-0-ransomware-partners-with-fareit-spyware/. Ultimately, this means that the documents and data stored in the system can no longer be accessed unless the victim pays the cybercriminal.
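The lure described above can be caught at the mail gateway before a user ever sees it. The following Python sketch is an added example, not code from the original article or from any vendor named on this page; it parses a message and flags attachments with an executable extension, a file name dressed up as a document, or an executable header behind a harmless-looking extension. The extension list, hint words, reason codes and sample message are constructed assumptions.

```python
import os
from email import message_from_bytes, policy
from email.message import EmailMessage

# Illustrative subset of extensions Windows runs directly (assumption, not a full blocklist).
EXECUTABLE_EXTS = {".scr", ".exe", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
# Words a lure puts in the file name so it reads like a document (assumption).
DOCUMENT_HINTS = ("resume", "invoice", "pdf", "doc", "xls")
PE_MAGIC = b"MZ"  # first two bytes of every DOS/PE executable, including .scr files


def inspect_attachment(filename, payload):
    """Return a list of reason codes; an empty list means nothing was flagged."""
    # Windows strips trailing dots and spaces from file names, so "x.scr. "
    # is still treated as x.scr. Normalise before looking at the extension.
    name = (filename or "").lower().rstrip(". ")
    stem, ext = os.path.splitext(name)
    reasons = []
    if ext in EXECUTABLE_EXTS:
        reasons.append("executable-extension")
        if any(hint in stem for hint in DOCUMENT_HINTS):
            reasons.append("document-lure-name")
    elif payload[:2] == PE_MAGIC:
        # The extension looks harmless but the content is an executable.
        reasons.append("hidden-executable")
    return reasons


def scan_message(raw_bytes):
    """Parse an RFC 5322 message and map each flagged attachment name to its reasons."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    flagged = {}
    for part in msg.iter_attachments():
        filename = part.get_filename() or ""
        payload = part.get_payload(decode=True) or b""
        reasons = inspect_attachment(filename, payload)
        if reasons:
            flagged[filename] = reasons
    return flagged


def build_sample():
    """Constructed sample message; the payloads are inert placeholder bytes."""
    msg = EmailMessage()
    msg["From"] = "applicant@example.com"
    msg["To"] = "hr@example.org"
    msg["Subject"] = "Resume"
    msg.set_content("Hello, my name is XXXXX. Resume attached.")
    fake_pe = PE_MAGIC + b"\x90\x00" + b"\x00" * 60
    msg.add_attachment(fake_pe, maintype="application", subtype="octet-stream",
                       filename="my_resume_pdf_id_1422-7311.scr")
    msg.add_attachment(b"%PDF-1.4\n", maintype="application", subtype="pdf",
                       filename="portfolio.pdf")
    msg.add_attachment(fake_pe, maintype="application", subtype="pdf",
                       filename="references.pdf")
    return msg.as_bytes()


if __name__ == "__main__":
    for name, reasons in scan_message(build_sample()).items():
        print(f"{name}: {', '.join(reasons)}")
```

The header check matters because extension blocking alone misses an executable that has been renamed to look like a PDF.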

CryptoWall 3.0

Crypto-ransomware http://blog.trendmicro.com/trendlabs-security-intelligence/threat-refinement-ensues-with-crypto-locker-shotodor-backdoor/, widely-publicized as the more lethal descendant of ransomware, possesses advanced encrypting capabilities that make files unusable unless a ransom is paid. Last year, a crypto-ransomware variant, CryptoWall, made noise as the final payload of spammed messages http://blog.trendmicro.com/trendlabs-security-intelligence/social-engineering-watch-upatre-malware-abuses-dropbox-links/ that directly opens a Tor website used to extort money from its victim.

CryptoWall 3.0 is another evolved variant that uses hardcoded URLs that are heavily obfuscated to evade detection. This buys the malware more time to communicate with a C&C server and acquire the RSA public key needed to carry out its file encryption tactics. The C&C server is different from its payment page, which still uses Tor, to ensure that such transactions will continue running without interference from the authorities. CryptoWall 3.0 also employs “smarter” measures of deleting the target system’s shadow copies to prevent attempts to restore files to their previous state, leaving a victim without any other option but to pay up.

Read the source story here: http://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/-resume-spam-used-to-spread-cryptowall-3-0-ransomware
