Trend Micro: Sodinokibi Ransomware Group Adds Malvertising as Delivery Technique


June 25, 2019

Attackers behind a relatively new ransomware family called Sodinokibi (detected by Trend Micro as RANSOM.WIN32.SODINOKIBI.A) have been exploring different delivery vectors since April: malicious spam, vulnerable servers, and even managed service providers (MSPs). Given this aggressive experimentation with distribution, this ambitious new player in the ransomware landscape seems to be trying to gain momentum and spread quickly. On June 23, threat analyst nao_sec found the ransomware using yet another delivery technique: it was being distributed through malvertising that redirects victims to the RIG exploit kit.

nao_sec reported to BleepingComputer that the malicious advertisements pushing Sodinokibi were running on the PopCash ad network and that, under certain conditions, they would redirect users to the exploit kit. The analyst also demonstrated how the ransomware was installed via malvertising.

Past Sodinokibi incidents

In late April, a hacking group was reported to be abusing a critical vulnerability in Oracle's WebLogic Server to spread Sodinokibi. This was particularly dangerous because the attack required no user interaction; ransomware delivery usually involves tricking a victim into enabling a malicious macro or clicking a link that downloads the payload. In this case, the attackers simply used the vulnerability to push the ransomware onto WebLogic servers. In May, a malicious spam campaign was seen targeting German victims. The spam was disguised as foreclosure notices, and the urgency of the message pressures victims into enabling macros in a malicious attachment, which then downloads the ransomware.

Earlier this month, a hacking group abused MSPs to deploy the ransomware onto customer networks. According to reports, three major MSPs were breached through exposed Remote Desktop Protocol (RDP) endpoints. From there, the attackers moved further into the compromised environments: they uninstalled antivirus products and abused the remote management software that MSPs use to oversee customer workstations to execute a malicious script on those workstations and install Sodinokibi.


How to defend against ransomware

Sodinokibi is now using an array of vectors to infect victims. Patching and updating are important in defending against this ransomware, particularly because most of the vulnerabilities the group abuses already have fixes available. Users need to keep their systems current and run the latest versions of their software and firmware.

Since Sodinokibi also relies on other techniques, such as spam or phishing emails, and continues to add delivery methods to its arsenal, it is important for organizations to implement security best practices:

  • All of the organization’s users should back up their data regularly to ensure that data can be retrieved even after a successful ransomware attack.

  • Users should be wary of suspicious emails; avoid clicking on links or downloading attachments unless the recipient is certain that it came from a legitimate source.

  • Restrict the use of system administration tools to IT personnel or employees who need access.


Kubernetes Vulnerability CVE-2019-11246 Discovered Due to Incomplete Updates from a Previous Flaw


Kubernetes, the container orchestration system widely used by DevOps practitioners, announced the discovery of CVE-2019-11246, a high-severity vulnerability affecting the kubectl command-line interface, during an ongoing third-party security audit. Exploitation of this vulnerability could lead to directory traversal, allowing an attacker who controls a malicious container to create or replace files on a user's workstation.

The new flaw exists because the fix for CVE-2019-1002101, a related vulnerability disclosed back in March, was incomplete.


The details of CVE-2019-11246 are similar to the previously-patched CVE-2019-1002101. However, due to the incomplete nature of the update, some flaws remained, resulting in the discovery of the new exploit method.

CVE-2019-11246 specifically involves kubectl cp, the command that copies files between containers and user machines. To copy files out of a container, kubectl runs the tar binary inside the container to create an archive, streams that archive over the network, and then unpacks it on the user's machine.

An attacker could exploit this by using a malicious tar binary to write files to any path on the target machine whenever kubectl cp is called. This could result in the adding of malicious files or overwriting of existing ones to compromise the environment.

CVE-2019-11246 is a client-side vulnerability, and thus requires user interaction to be exploited.


Users can check whether their client version is vulnerable to the bug by running kubectl version --client. Client versions older than 1.12.9, 1.13.6, and 1.14.2 are vulnerable. Users should update their clients at the soonest possible time.
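The version check above can be scripted so it runs the same way on every administrator workstation. The following is an added example, not code from the original article or from the Kubernetes project: it reads the gitVersion field from `kubectl version --client -o json` and compares it against the first fixed release of each affected minor series named above (1.12.9, 1.13.6, 1.14.2). Treating every 1.11 and older client as affected, and every 1.15 and newer client as fixed, is an assumption derived from those fixed versions rather than something the article states.

```python
"""Check whether a kubectl client is affected by CVE-2019-11246.

Added example; not code from the original article or the Kubernetes project.
It reads the gitVersion field from `kubectl version --client -o json` and
compares it against the first fixed release of each affected minor series
(1.12.9, 1.13.6, 1.14.2). Treating every 1.11 and older client as affected
and every 1.15 and newer client as fixed is an assumption derived from those
fixed versions, not a statement made by the article.
"""
import json
import re
import subprocess
from typing import Optional, Tuple

# First patch release of each affected minor series that carries the fix.
FIXED_IN = {12: 9, 13: 6, 14: 2}
OLDEST_FIXED_MINOR = min(FIXED_IN)     # anything older is assumed affected
NEWEST_AFFECTED_MINOR = max(FIXED_IN)  # anything newer is assumed fixed

_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)")


def parse_git_version(git_version: str) -> Tuple[int, int, int]:
    """Turn 'v1.13.5', 'v1.14.2-gke.2' or '1.12.10' into (major, minor, patch)."""
    match = _VERSION_RE.match(git_version.strip())
    if not match:
        raise ValueError(f"unrecognised kubectl version string: {git_version!r}")
    major, minor, patch = (int(group) for group in match.groups())
    return major, minor, patch


def is_vulnerable(git_version: str) -> bool:
    """True when the client predates the fix for its minor series."""
    major, minor, patch = parse_git_version(git_version)
    if major != 1:
        return False  # only the 1.x series is covered by the advisory
    if minor < OLDEST_FIXED_MINOR:
        return True
    if minor > NEWEST_AFFECTED_MINOR:
        return False
    return patch < FIXED_IN[minor]


def client_version_from_json(kubectl_json: str) -> str:
    """Extract clientVersion.gitVersion from `kubectl version --client -o json`."""
    return json.loads(kubectl_json)["clientVersion"]["gitVersion"]


def check_local_kubectl() -> Optional[bool]:
    """Run kubectl on this host; None when kubectl is missing or fails."""
    try:
        completed = subprocess.run(
            ["kubectl", "version", "--client", "-o", "json"],
            capture_output=True, text=True, check=True,
        )
    except (FileNotFoundError, subprocess.CalledProcessError):
        return None
    return is_vulnerable(client_version_from_json(completed.stdout))


if __name__ == "__main__":
    state = check_local_kubectl()
    if state is None:
        print("kubectl not found or failed to run")
    else:
        print("kubectl client is", "VULNERABLE to CVE-2019-11246" if state else "patched")
```

Vendor builds append suffixes such as `-gke.2` to the version string; the parser keeps only the numeric triple, so those are compared on the upstream patch level they were built from.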

Best practices to defend against possible attacks that exploit CVE-2019-11246

To protect enterprise resources from attackers aiming to take advantage of vulnerabilities such as CVE-2019-11246, organizations should implement the following best practices:

  • Apply updates as soon as they are available to lessen the likelihood of exploitation. This applies not only to container hosts and tooling but to all software in general.

  • Avoid running containers with root privileges; run them as application users instead. Limiting who has access to the cluster also reduces the chance that a user error, such as running kubectl cp against an untrusted container, leads to exploitation. This matters here because CVE-2019-11246 is a client-side vulnerability that requires user interaction.

Hacker Groups Pounce on Millions of Vulnerable Exim Servers


June 14, 2019

Multiple groups are launching attacks against exposed Exim mail servers, trying to exploit a vulnerability that could give them persistent root access. Exim reportedly runs almost 57% of the internet's email servers, and recent Shodan searches show millions of vulnerable machines still online.

The attackers are exploiting CVE-2019-10149, a vulnerability also called “Return of the WIZard.” It was published on June 5 by security firm Qualys as a Remote Command Execution vulnerability affecting Exim versions 4.87 to 4.91. The vulnerability makes it possible for attackers to remotely run arbitrary commands as root on successfully exploited Exim servers.

These attacks are ongoing, but not unexpected. There were already reports of the vulnerability last week, and the large number of Exim servers meant that cybercriminals had a substantial pool of targets. Exim users should note, however, that a patch has been available since February: the developers addressed the flaw in version 4.92.

Exim attackers

Two groups have been seen attacking Exim servers, both using the vulnerability named above. One of the attacks was discovered by Freddie Leeman, who posted his findings on Twitter.

From Leeman's report, the attackers dropped a malicious script hosted on a public server on the clear web. According to BleepingComputer, the dropped script downloads another script, which then deploys multiple binary payload variants on the exploited hosts. Multiple versions of this exploit were developed in the days following the discovery, which shows that the attackers were still fine-tuning their techniques.

Another team of attackers was observed by security researcher Magni Sigurðsson, who told ZDNet that the objective of this particular attack is to create a backdoor on the mail servers by downloading a shell script that adds a Secure Shell (SSH) key to the root account. These attackers hosted their script on the Tor network, making them harder to identify.
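A key appended to root's authorized_keys file is a durable indicator that survives patching Exim, so responders should audit that file on any host that was exposed while unpatched. The following is an added example, not code from the article or from the researchers it cites: it parses authorized_keys the way sshd does (optional options field, key type, base64 blob, optional comment), computes the OpenSSH-style SHA256 fingerprint of each key, and reports every key whose fingerprint is not in an approved baseline. The baseline, the sample file and the key blobs are all constructed for the example.

```python
"""Audit root's authorized_keys against an approved baseline of fingerprints.

Added example, not code from the original article or the researchers it cites.
The Exim campaign described above persists by appending an SSH public key to
the root account. This parses an authorized_keys file, computes each key's
SHA256 fingerprint in the format `ssh-keygen -lf` prints, and flags keys the
administrator has not approved. The sample file, key blobs and approved set
below are constructed; real blobs are SSH wire-format public keys.
"""
import base64
import hashlib
from dataclasses import dataclass
from typing import List, Set

KEY_TYPES = {
    "ssh-rsa", "ssh-ed25519", "ssh-dss",
    "ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521",
}


def sha256_fingerprint(blob_b64: str) -> str:
    """OpenSSH fingerprint: SHA256 over the decoded blob, base64 without padding."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


@dataclass(frozen=True)
class AuthorizedKey:
    line_no: int
    options: str
    key_type: str
    blob_b64: str
    comment: str

    @property
    def fingerprint(self) -> str:
        return sha256_fingerprint(self.blob_b64)


def parse_authorized_keys(text: str) -> List[AuthorizedKey]:
    """Parse authorized_keys content; a leading options field is tolerated."""
    keys: List[AuthorizedKey] = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        head = line.split(None, 1)
        first, remainder = head[0], (head[1] if len(head) > 1 else "")
        if first in KEY_TYPES:
            options, body = "", line
        else:
            # Options such as from="10.0.0.5",no-pty (quoted spaces are not handled).
            options, body = first, remainder
        fields = body.split(None, 2)
        if len(fields) < 2 or fields[0] not in KEY_TYPES:
            raise ValueError(f"line {line_no}: not a recognised authorized_keys entry")
        comment = fields[2] if len(fields) == 3 else ""
        keys.append(AuthorizedKey(line_no, options, fields[0], fields[1], comment))
    return keys


def unexpected_keys(text: str, approved: Set[str]) -> List[AuthorizedKey]:
    """Keys present in the file whose fingerprint is not in the approved set."""
    return [key for key in parse_authorized_keys(text) if key.fingerprint not in approved]


def _blob(label: str) -> str:
    # Constructed stand-in for a key blob; any valid base64 works for the audit logic.
    return base64.b64encode(f"constructed key material for {label}".encode()).decode()


# Constructed sample: two approved keys plus one appended by an intruder (no comment).
SAMPLE_AUTHORIZED_KEYS = "\n".join([
    "# /root/.ssh/authorized_keys on mail01 (constructed sample)",
    f"ssh-ed25519 {_blob('backup-host')} backup@mail01",
    f'from="10.0.0.5",no-pty ssh-rsa {_blob("ops-jump")} ops@jump',
    f"ssh-rsa {_blob('intruder')}",
])

APPROVED_ROOT_KEYS = {
    sha256_fingerprint(_blob("backup-host")),
    sha256_fingerprint(_blob("ops-jump")),
}


def audit_sample() -> List[AuthorizedKey]:
    return unexpected_keys(SAMPLE_AUTHORIZED_KEYS, APPROVED_ROOT_KEYS)


if __name__ == "__main__":
    for key in audit_sample():
        print(f"line {key.line_no}: unexpected {key.key_type} key {key.fingerprint} {key.comment!r}")
```

Keeping the baseline as fingerprints rather than full key lines means the same approved set works for every host an operator manages, and a key that merely changed its comment still matches.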

Solutions and recommendations

Many Exim users have patched and updated their mail servers since the patch was released and news of the vulnerability has spread. Those who have not applied the patch should update to version 4.92.

Patching is still a problem for many enterprises, and this is a known issue. Many cybercriminals actively abuse vulnerabilities for which patches have already been released. Some attackers exploit vulnerabilities that have been patched for almost a year, assuming that many users do not apply available updates quickly, or even at all.

Technologies like virtual patching and application control can help organizations avoid the burden of ad hoc patching. An audit tool can also help organizations include the important patches in a scheduled patch cycle to help ease the burden of planning and deployment.

The Trend Micro™ Deep Security™ solution provides virtual patching that protects servers and endpoints from threats that abuse vulnerabilities in critical applications. Deep Security™ and Vulnerability Protection protect systems and users via the following Deep Packet Inspection (DPI) rule:

  • 1009797 - Exim 'deliver_message' Command Injection Vulnerability (CVE-2019-10149)

The Trend Micro™ TippingPoint® system provides virtual patching and extensive zero-day protection against network-exploitable vulnerabilities via DigitalVaccine™ filters. Customers are protected from threats and attacks that may exploit this vulnerability via this MainlineDV filter:

  • 35520: SMTP: Exim Internet Mailer Command Injection Vulnerability

The Trend Micro™ Deep Discovery™ solution provides detection, in-depth analysis, and proactive response to attacks using exploits and other similar threats through specialized engines, custom sandboxing, and seamless correlation across the entire attack lifecycle, allowing it to detect threats even without any engine or pattern update.

HTTPS Protocol Now Used in 58% of Phishing Websites


Unlike most types of cyberattacks, which have evolved considerably over time, phishing has rarely strayed from the traditional formula of combining social engineering with malicious files or links. This has not stopped cybercriminals from making their attempts more convincing, going as far as abusing tools meant to provide security. One example is setting up phishing sites that use the HTTPS (Hypertext Transfer Protocol Secure) protocol, a tactic that has been on the rise and now accounts for 58% of phishing sites according to the Q1 2019 report from the Anti-Phishing Working Group (APWG).

HTTPS, which has become the standard protocol for secure communication over a computer network, works by encrypting traffic between a browser and a website, ensuring that no third parties are privy to the data that is being exchanged. The use of HTTPS is especially important with websites that ask users for personal information or credentials, such as login pages.

Because of that widespread adoption, current browsers now warn users that a site is "not secure" when it lacks HTTPS. Users have come to read the lock icon in the address bar as a sign that a site is safe, and its absence as a sign of the opposite. Cybercriminals take advantage of this by serving phishing pages over HTTPS, so the browser displays the lock despite the site's malicious purpose.

HTTPS depends on a Transport Layer Security (TLS) certificate; the protocol's predecessor, Secure Sockets Layer (SSL), still lends these certificates their common name. Certificates traditionally had to be purchased, which made HTTPS phishing sites an expensive option for cybercriminals. A number of services now issue TLS certificates for free, so anyone, cybercriminals included, can add HTTPS to a website with little effort. A certificate attests only that the server controls the domain name shown in the address bar; it says nothing about who operates that domain or what the site does with the data it receives. Alternatively, cybercriminals can compromise legitimate websites and use them as phishing sites, making it even harder for potential victims to distinguish what's safe from what's not.

The practice of abusing HTTPS in phishing attacks has become so widespread that the FBI issued a public service announcement earlier this month to warn users.  

Best practices to defend against phishing attacks

Fortunately, despite the large number of phishing sites that use HTTPS, some of the best defenses available to users remain relatively simple:

  • Be cognizant of what phishing attacks look like and how they work. Misspellings, out-of-context messages, and even different-looking signatures should be red flags.

  • Take everything into consideration before clicking a link or downloading an attachment. Just because a website uses HTTPS and looks legitimate does not automatically mean that it is safe. For example, a seemingly authentic bank website may be spoofing the legitimate site, and the lock icon only confirms that the connection to the spoofed site is encrypted.
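The distinction the article draws, between a connection that is encrypted and a site that is what it claims to be, can be made explicit in code. The following is an added example, not part of the original article: it separates the transport question (is the scheme https?) from the identity question (does the host's registrable domain belong to a brand the user actually holds an account with?), and it catches the two spoofing patterns the text describes, a brand name buried in a subdomain of an attacker's domain and a lookalike spelling of the brand's domain. The trusted list and test URLs are constructed; the two-label registrable-domain rule, the short list of two-label public suffixes and the small homoglyph table are simplifications chosen for the example, not anything the article specifies.

```python
"""Judge a login URL's identity separately from its transport security.

Added example, not part of the original article. The lock icon tells the user
that the connection to whoever controls the host name is encrypted; it says
nothing about whether that host belongs to the bank. This helper reduces the
URL's host to a registrable domain and compares it against the domains the
user actually holds accounts with. The trusted set, suffix list and homoglyph
table are constructed simplifications for the example.
"""
from typing import NamedTuple, Set
from urllib.parse import urlsplit

TRUSTED_DOMAINS: Set[str] = {"examplebank.com", "example-mail.net"}   # constructed
TWO_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp", "co.nz"}            # simplification
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t", "@": "a", "$": "s"})


class Verdict(NamedTuple):
    encrypted: bool   # scheme is https: the only thing the lock icon reflects
    identity: str     # trusted | brand-in-subdomain | lookalike | unknown | invalid


def registrable_domain(host: str) -> str:
    """Last two labels, or three when the public suffix is itself two labels."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def brand_label(domain: str) -> str:
    """'examp1e-bank.com' -> 'examplebank': drop hyphens, fold look-alike characters."""
    return domain.split(".")[0].replace("-", "").translate(HOMOGLYPHS)


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch single-character typosquats."""
    previous = list(range(len(b) + 1))
    for i, ca in enumerate(a, start=1):
        current = [i]
        for j, cb in enumerate(b, start=1):
            current.append(min(previous[j] + 1, current[j - 1] + 1, previous[j - 1] + (ca != cb)))
        previous = current
    return previous[-1]


def classify(url: str) -> Verdict:
    """Classify a URL's host against the trusted domains; transport is reported separately."""
    parts = urlsplit(url)
    encrypted = parts.scheme == "https"
    host = parts.hostname  # userinfo tricks like https://examplebank.com@evil.example/ drop out here
    if not host or "." not in host:
        return Verdict(encrypted, "invalid")
    domain = registrable_domain(host)
    if domain in TRUSTED_DOMAINS:
        return Verdict(encrypted, "trusted")
    host_l = host.lower()
    for trusted in TRUSTED_DOMAINS:
        # examplebank.com.secure-update.example: the brand is only a subdomain.
        if host_l.startswith(trusted + ".") or ("." + trusted + ".") in host_l:
            return Verdict(encrypted, "brand-in-subdomain")
    for trusted in TRUSTED_DOMAINS:
        same_brand = brand_label(domain) == brand_label(trusted)
        typo = edit_distance(domain.split(".")[0], trusted.split(".")[0]) <= 1
        if same_brand or typo:
            return Verdict(encrypted, "lookalike")
    return Verdict(encrypted, "unknown")


if __name__ == "__main__":
    for candidate in (
        "https://login.examplebank.com/",
        "https://examplebank.com.secure-update.example/login",
        "https://examp1ebank.com/",
        "http://examplebank.com/",
    ):
        print(f"{candidate:55} {classify(candidate)}")
```

The point of the two fields in the verdict is that neither implies the other: a phishing page can be "encrypted" and "lookalike" at the same time, and a legacy intranet page can be "trusted" over plain http.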

Malicious Spam Campaign Uses ISO Image Files to Deliver LokiBot and NanoCore


As cybercriminals become more creative with their spamming techniques, it shouldn’t be surprising to see more unusual file types being employed as file attachments, as was the case with an April campaign discovered by Netskope that used ISO image files to deliver two notorious Trojans: LokiBot and NanoCore.

The malicious spam takes the form of a fake invoice email stating that the recipient can view the invoice by opening an ISO image attachment. This is notable because invoices are usually sent as Word documents or Excel files, so an ISO image posing as an invoice is highly unusual. The file size adds to the suspicious nature of the attachment: samples were roughly 1MB to 2MB, again uncommon given that typical ISO images tend to be far larger.

Contained within the image is the executable payload, either LokiBot (detected as TrojanSpy.Win32.LOKI.THFBFAI) or NanoCore (detected as Backdoor.Win32.NANOBOT.SMY), which is dropped onto the system when the user opens the attachment.

The technique used in this campaign confirms that cybercriminals are using a wider variety of file types for their email attacks. Trend Micro detections of advanced email threats in 2018 included malware-laden spam with IQY and ARJ attachments. ISO files are mounted automatically when opened, and email security solutions often whitelist the format, so it makes sense that cybercriminals are experimenting with it.
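Whitelisting by declared type or extension is exactly what this campaign exploits, so the attachment check should look at the bytes. The following is an added example, not code from the article or from Netskope: it walks a MIME message, identifies ISO 9660 images by the "CD001" volume-descriptor magic at byte offset 32769 (the first byte of sector 16 is the descriptor type, with 2048-byte sectors) regardless of the filename or Content-Type the sender chose, and reports each image together with whether it is unusually small for an ISO, the property the text points out. The 5 MB threshold, the sample fake-invoice message and the minimal image bytes are constructed for the example.

```python
"""Flag ISO-image attachments in inbound mail regardless of declared type.

Added example, not from the original article or from Netskope. Detection is by
the ISO 9660 magic ("CD001" at offset 32769, i.e. sector 16 of 2048-byte
sectors, just after the descriptor type byte) rather than by filename or
Content-Type, so a mislabelled attachment is still caught. The size threshold,
the sample message and the minimal image below are constructed.
"""
import email
from email import policy
from email.message import EmailMessage
from typing import List, NamedTuple

ISO_MAGIC_OFFSET = 16 * 2048 + 1       # descriptor type byte, then "CD001"
ISO_MAGIC = b"CD001"
SMALL_ISO_BYTES = 5 * 1024 * 1024      # assumption; the campaign's samples were 1-2 MB


class IsoFinding(NamedTuple):
    filename: str
    declared_type: str
    size: int
    unusually_small: bool


def is_iso9660(data: bytes) -> bool:
    """True when the buffer carries an ISO 9660 volume descriptor at sector 16."""
    end = ISO_MAGIC_OFFSET + len(ISO_MAGIC)
    return len(data) >= end and data[ISO_MAGIC_OFFSET:end] == ISO_MAGIC


def find_iso_attachments(raw_message: bytes) -> List[IsoFinding]:
    """Decode every attachment and report the ones that are really ISO images."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    findings: List[IsoFinding] = []
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True)
        if not payload or not is_iso9660(payload):
            continue
        findings.append(IsoFinding(
            filename=part.get_filename() or "(unnamed)",
            declared_type=part.get_content_type(),
            size=len(payload),
            unusually_small=len(payload) < SMALL_ISO_BYTES,
        ))
    return findings


def minimal_iso_image(payload_hint: bytes = b"MZ constructed stub") -> bytes:
    """Construct just enough of an ISO 9660 image to carry the magic (not mountable)."""
    image = bytearray(ISO_MAGIC_OFFSET - 1)     # 16 empty system-area sectors
    image += b"\x01" + ISO_MAGIC + b"\x01"      # primary volume descriptor header
    image += payload_hint                       # stands in for the embedded executable
    image += bytes(2048 - (len(image) % 2048))  # pad to a sector boundary
    return bytes(image)


def build_sample_message() -> bytes:
    """Constructed fake-invoice mail whose ISO attachment is declared as a PDF."""
    msg = EmailMessage()
    msg["From"] = "billing@supplier.example"
    msg["To"] = "accounts-payable@victim.example"
    msg["Subject"] = "Invoice 2019-0417 attached"
    msg.set_content("Please find the attached invoice for payment.")
    msg.add_attachment(minimal_iso_image(), maintype="application",
                       subtype="pdf", filename="Invoice_2019-0417.iso")
    return bytes(msg)


if __name__ == "__main__":
    for finding in find_iso_attachments(build_sample_message()):
        print(f"{finding.filename}: declared {finding.declared_type}, "
              f"{finding.size} bytes, unusually small: {finding.unusually_small}")
```

Because the declared type is carried in the finding, a gateway rule can treat "content is ISO but Content-Type says PDF" as a stronger signal than an honestly labelled image.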

LokiBot and NanoCore

LokiBot is a sophisticated malware family that has information stealing and keylogging capabilities. Often advertised in the underground as a tool used for stealing passwords and cryptocurrency wallets, it has extensively been used in a wide variety of campaigns.

The variant used in this campaign has several checks for detecting the environment it is running in. It calls IsDebuggerPresent() to detect a debugger, and it measures the time difference between calls to CloseHandle() and GetProcessHeap() to check whether it is running inside a virtual machine. Besides gathering data such as web browser information and login credentials, it also checks for the presence of web and email servers as well as remote administration tools.

The other payload, NanoCore, is a Remote Access Tool (RAT) that has high modularity and customizability thanks to various plugins which expand its capabilities.

Like LokiBot, it is sold in underground forums, making it available for other threat actors to use in their own attacks. In this malspam campaign, NanoCore creates a mutual exclusion object (mutex), performs process injection, and uses the registry for persistence. Similar to the LokiBot payload, it also tries to detect the presence of a debugger. The goal of NanoCore is to capture clipboard data and keystrokes and steal information from document files.

How to stay safe from malicious emails

While both LokiBot and NanoCore are fairly advanced malware, malspam is their primary delivery method. Therefore, best practices for detecting and preventing malicious emails remain effective in helping users avoid malware.

  • Be wary of grammatical and typographical errors. Business emails, especially communications between a business and its suppliers, will usually be written in a professional manner. An email that contains blatant grammatical or typographical errors could be a sign that it is a malicious email.

  • Double-check the sender's email address. The easiest way to judge whether an email is authentic is to check the sender's address. If it doesn't use the official domain of the sender's organization, or uses an unusual address, that's a red flag.

  • Context, context, context. If the email content fails to provide context regarding the discussion (such as a one-liner) and also includes a link or an attachment, then there is a high chance that it is a malspam attempt.

  • Don’t click or download. Even if an email looks legitimate, it’s still prudent to avoid clicking on any links or downloading any files until the source is verified to be legitimate. Hacked email accounts have previously been used for spear phishing.

Trend Micro email security solutions powered by machine learning

To make it easier for organizations to protect their employees from phishing and advanced email threats, they can consider email protection such as the Trend Micro™ Cloud App Security™ solution, which uses machine learning (ML) to help detect and block spam and phishing attempts. It can detect suspicious content in the message body and attachments, and it provides sandbox malware analysis and document exploit detection.

https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/malicious-spam-campaign-uses-iso-image-files-to-deliver-lokibot-and-nanocore

Build 20190521

What’s new this week: 

Admin level custom filtering rules

It’s now possible to create filtering rules at admin level (that apply to all domains linked to that admin, including indirectly). To do this, simply use the “Admin Rules” tab and select the appropriate admin when creating the rule.

Admins also have a new “Inherited Rules” tab, where they can see (but not edit) rules that have been created by higher level admins. Domain-level users are able to see, but not edit, the rules that are applied to their mail (on the “Admin Rules” tab). If a domain-level user opts out of using the default rules, they are opted out of using the admin rules as well.

LDAP authentication using remote username

If you have configured the LDAP mailbox sync to sync the (remote) username associated with the mailbox, this username can now be used when authenticating against an LDAP server. This is useful when your usernames and email addresses do not necessarily match, e.g. the username may be jsnow but the email address is [email protected]. Authentication is first attempted using the mailbox entered on the login page; if that fails and a remote username is set for the mailbox, authentication is attempted again using that username.

Changelog

Front-end / GUI:

  • Resolved: fixed inconsistencies when using both the deprecated and current quarantine page (MMA-1255)

  • Resolved: fixed an issue with retrying delivery on all outgoing messages matching a search (MMA-1327)

  • Changed: the links to the deprecated queue & quarantine pages have been removed from the queue & quarantine pages (b3ba5f44c9).

  • Changed: it is no longer possible to add a mailbox alias that has the same name as a mailbox (MMA-1298)

  • Improved: the username from the LDAP mailbox sync can be used (rather than the email address) when authenticating against an LDAP server (MMA-193)

  • Improved: custom filtering rules may now be applied at the admin level (MMA-535)

Build 20190528

What’s new this week: 

LDAP distribution list flag sync

The LDAP mailbox synchronization system has a new attribute that may be copied from the LDAP server: indicating if the mailbox is a distribution list. A default mapping is provided for newly added domains, so, if your LDAP server is configured in a standard way, and you’re using the default mapping, your distribution lists should be picked up automatically.

Changelog

Front-end / GUI:

  • Resolved: fixed an issue where the “customise actions” action would not work for some domains (MMA-1334)

  • Resolved: fixed the button to enable/disable using recommended values on the sender/recipient whitelist/blacklist pages and custom filtering rules pages (MMA-1135)

  • Improved: language selection is now available from the user profile page (MMA-988)

  • Added: the LDAP mailbox sync now supports syncing a distribution list flag (MMA-755, MMA-439, MMA-753)

Build 20190604

Changelog

Filtering (services): 

  • Resolved: improved handling of exceptionally large messages in quarantine (971d658874)

  • Resolved: ARF notification messages would show as queued, but were actually delivered (MMA-1354)

  • Resolved: improved handling of quarantined messages when a cluster has high load (MMA-1029)

Front-end / GUI:

  • Resolved: fixed an issue where when changing the type of filter, old suggestions would continue to be displayed (MMA-1230)

  • Improved: error pages now include the X-Frame-Options header (MMA-1355)

Dropbox's Layered Approach to Password Security

Dropbox has battened down its security hatches. There's good reason: The company was one of many this year that have faced nightmarish news that rumors of a password breach were, in fact, true. It's still unclear how Dropbox and companies including Yahoo, LinkedIn, MySpace and Twitter were hacked, or why the stolen data only circulated more widely several years after the intrusions. But the revelations have unnerved web services companies and spurred a new urgency around securing passwords.


Dropbox's intrusion was isolated to around mid-2012, an era that Rajan Kapoor, the company's senior manager for trust and security, says was a very immature time for cloud services. Since then, security has "grown up quite a bit," he says.

"The industry on the whole has learned a lot of lessons since 2012," Kapoor says. "Dropbox specifically has matured our security capabilities tremendously."

The password breach occurred around the same time as another security incident that became public. An attacker managed to compromise a Dropbox employee's credentials and stole a project document that contained user email addresses. Some users began receiving spam in German, English and Dutch advertising gambling websites.

Read the full story and security methodology for Dropbox Password
Protection as of October, 2016

http://www.databreachtoday.com/dropboxs-layered-approach-to-password-security-a-9441

Clinton, Trump: Head-to-Head Over Purported Russian Hacks

A report on the verbal combat between Hillary Clinton and Donald Trump over whether the Russian government is using hacks to influence the U.S. presidential election leads the latest edition of the ISMG Security Report.

In the report, you'll hear:

  • DataBreachToday Executive Editor Mathew J. Schwartz discuss the purported Russian cyberattacks and the two presidential candidates' disagreement over it;

  • ISMG Security and Technology Managing Editor Jeremy Kirk explain Dropbox's multilayered password protection strategy in the wake of its massive data breach;

  • BankInfoSecurity and CUInfoSecurity Executive Editor Tracy Kitten analyze the effectiveness of a Michigan credit union's bold move to block members from using their payment cards at all Wendy's locations following a malware attack.

The ISMG Security Report appears on this and other ISMG websites on Tuesdays and Fridays. Be sure to check out our Oct. 4 and Oct. 8 reports, which respectively analyze Trump's cybersecurity platform and the PCI Security Standards Council's new requirements that are designed to help thwart attempts to defeat encryption in point-of-sale devices. The next ISMG Security Report will be posted on Friday, Oct. 14.

Read the entire story and hear the podcast:

http://www.databreachtoday.com/interviews/clinton-trump-head-to-head-over-purported-russian-hacks-i-3355

The 411 on the Password Black Market

See source post on LastPass Blog: https://blog.lastpass.com/2016/07/the-411-on-the-password-black-market.html

It’s no secret that passwords are becoming more and more valuable. It seems like every new day brings a new breach involving hundreds of thousands or millions of passwords. While you’re probably aware of this threat, you may not be sure why you’re at risk, and even what it means for your accounts. Do you really need to worry about every single breach? What can hackers really do with your passwords anyway?

Here’s what you need to know about the black market for passwords http://www.theatlantic.com/technology/archive/2016/02/the-black-market-for-netflix-accounts/462321/ and what you can do to protect your passwords and personal information.

How passwords are stolen

The term ‘black market’ for passwords gets mentioned here and there when a data breach makes the news. It might sound far-fetched, but the truth is that on both publicly-available websites and the dark web there are stolen passwords available for sale. These are usernames and passwords that hackers obtain and sell to those who want cheap access to online services, or who may have more nefarious intentions by using them as a foothold into someone’s online identity. There are many ways attackers might try to infiltrate your online accounts and steal your passwords. Here are some of the most common methods:

In phishing attempts, a fake sender pretends to be contacting you from a reputable company where you have an account, such as Netflix or even your credit card. They’ll ask you to update your account information, like resetting your password. When you follow their links to do so and enter your username and password, it goes right into a hacker database and is usually made available for sale.

Another type of social engineering attack (meaning the user engages with the hacker to give up information) is pretexting. This entails a hacker reaching out to users and leveraging some piece of personal information to then encourage the user to give up even more information about themselves.

Seems like a no-brainer, but when you write down passwords on paper and leave it near your desk, anyone can take that information. Whether it’s someone at work or a burglar if your home is broken into or your phone is stolen, those passwords contain sensitive information that you don’t want in the hands of the wrong people.

Brute-force attacks occur when an attacker systematically tries every possible password until finding the correct one. This is a clear case where a longer, more complex and random password helps protect your account.

Data breaches can occur on a small or large scale, and usually occur when a database for a company, such as Target or Omni Hotels http://www.wsj.com/articles/omni-hotels-warns-of-data-breach-1468010853, is compromised. Usually attackers either gain direct access to the database to steal personal information directly, or they install malware on machines that then captures account information that is sent back to the hacker. Data leaks also happen when corporate devices like laptops or cell phones are lost or stolen, or when paperwork is mishandled.

Why passwords matter

Even if your account doesn’t include access to cash or credit card numbers, it’s still extremely valuable and you don’t want it in the wrong hands. It likely includes information that a hacker could use to access other accounts via a pretexting or phishing attack, such as family members’ names (from your Netflix profiles), common running routes and your home address (from activity tracking apps like Fitbit), home zip code (available in most apps), and much more. Passwords for services like Spotify Premium and Netflix may sell for as little as $0.25 http://www.digitaltrends.com/home-theater/netflix-black-market/ on the black market, because people want cheap access to online services.

If that doesn’t convince you to stop using ‘throwaway’ passwords, this will. Consider the LinkedIn breach back in 2012; those passwords are still being sold http://money.cnn.com/2016/05/19/technology/linkedin-hack/ on the black market. You likely changed your LinkedIn password at the time of the breach, but if you used that same password for other accounts, hackers who buy the stolen credentials can try it against other sites (a credential-stuffing, or password-reuse, attack) and get into those accounts. That’s one good reason to never reuse passwords.

How to protect your passwords

The news of so many threats can be overwhelming, but there are a few important steps you can (and should) take to prevent your password from being stolen and sold on the black market.

First off, use a unique password for every account, regardless of how sensitive you feel the information in your account is. When you have a separate password for every account, if one of your accounts is hacked and someone tries to sell or leak your password, the person who may purchase them will not be able to use that password to get into any of your other accounts. If you have trouble with that, a password manager like LastPass can remember and generate them for you.

Second, set up multifactor authentication on your accounts wherever it’s possible. Let’s say one of your passwords is stolen and made for sale on the black market. If you have multifactor authentication on that account, the person who buys your password will not be able to access the account because it requires a second form of identification or authentication that is tied to your phone or email.

Just as hackers are becoming more savvy in stealing and selling passwords, we too must become more savvy in protecting our information. If you don’t use a password manager yet, you can get started for free with LastPass https://lastpass.com/how-it-works/ in just a few minutes. This allows you to easily create and manage unique passwords because LastPass remembers those passwords for you. Already using LastPass? Try the Security Challenge https://helpdesk.lastpass.com/lastpass-security-challenge/ to identify and change your reused passwords, and set up two-factor https://blog.lastpass.com/2015/01/the-one-thing-you-can-do-right-now-to-be-more-secure-online-multifactor-authentication.html/ authentication for your LastPass account.





Japan Issues Pokémon Go Safety Guidance


As Japan sees the official in-country launch of the augmented reality game Pokémon Go http://www.databreachtoday.com/pokemon-go-mayhem-privacy-muggings-malware-a-9256, the government's cybersecurity organization has issued a related, nine-point safety and privacy http://www.inforisktoday.com/privacy-c-151 guide.


Read the story on Data Breach Today:

http://www.databreachtoday.com/blogs/pokemon-go-are-we-so-stupid-about-security-p-2192

The warnings come after reports that some users have faced robbers, been hit by cars and even been shot at by suspicious homeowners. Meanwhile, the U.K. Coast Guard has documented what appears to be the first case involving teenagers stealing a rowboat to chase a rare Pokémon across a lake.

Japan's National Center of Incident Readiness and Strategy for Cybersecurity, which reports to the Japanese government's cabinet, issued the safety guide http://www.nisc.go.jp/active/kihon/pdf/reminder_20160721.pdf via its website as well as Twitter. The organization says the guidance - covering everything from watching for trains and heatstroke to carrying backup power supplies and having a fallback communications strategy - applies to adult and child players alike.

"Please pass this on to people around you, especially to children, so everyone can enjoy the game, and play it safely," NISC tweeted https://twitter.com/nisc_forecast/status/755720522546106369 on July 20.

Japan's NISC cybersecurity agency issues 9-point safety guide for Pokémon users.

The guidance comes as the popularity of Pokémon Go - a game in which players chase virtual creatures in real-world locations - continues to explode. The concept is based on the trading-card game Pokémon, short for pocket monsters, that was first released in Japan in 1996.

Twenty years later, Nintendo, working with software developer Niantic - a spin-off from Google - and Japanese consortium The Pokémon Company, has released an augmented reality version of the game, which so far has been rolled out in 35 countries, including Australia, Britain, Canada and the United States, which as of July 18 had 21 million active Pokémon Go users.

On July 22, the game was officially released in Japan. The rollout had been delayed because Niantic was preparing additional server capacity after details of McDonald's sponsorship of the game https://www.theguardian.com/technology/2016/jul/20/pokemon-go-japan-launch-delayed-mcdonalds-sponsorship-gyms leaked. With the game's launch, McDonald's has announced that 3,000 of its fast-food locations have been turned into virtual gyms where Pokémon players can do virtual battle to earn "PokéCoins" virtual game currency. But according to an alleged memo http://krsw.2ch.net/test/read.cgi/pokego/1468943731/31 between the fast-food chain and the game makers, after the surge of interest following the leaked McDonald's sponsorship report, they worried that existing demand would exceed capacity, and delayed the rollout.

Players Face Real-World Hazards

As Pokémon Go launches in Japan, officials are clearly cognizant of the risks of users staring at their smartphones while attempting to navigate a variety of privacy as well as outdoor hazards.

NISC's guidance urges users to employ "cool names that are different from real names" as well as to beware of fake versions of Pokémon Go designed to sneak malware onto their devices. Authorities also recommend all users carry backup power supplies and that children have a fallback communications plan in case their smartphone runs out of power. The guidance also recommends users pack plenty of water, watch for signs of heatstroke and avoid "dangerous zones" when chasing virtual creatures.

To date, Pokémon Go users in other countries have already faced a variety of real-world hazards. Some players have been shot at by a Floridian homeowner https://www.facebook.com/notes/flagler-county-sheriffs-office/pok%C3%A9mon-go-hunters-shot-at-this-morning-in-palm-coast/629038090604393, fallen off a cliff http://www.latimes.com/local/lanow/la-me-ln-pokemon-go-players-stabbed-fall-off-cliff-20160714-snap-story.html or been hit by a car http://pittsburgh.cbslocal.com/2016/07/13/tarentum-teen-hit-by-car-while-playing-pokemon-go/.

Meanwhile, the U.K. Coast Guard http://hmcoastguard.blogspot.co.uk/2016/07/have-fun-catching-pokemon-but-be.html on July 19 reported that it had been dispatched "to investigate reports of a group of twenty youths taking a rowing boat without permission to chase a Pokémon across New Brighton marine lake." The coast guard reported that when it arrived, the teenagers had already left.

To date, thankfully, there have been no reports of Pokémon Go leading to fatalities.

Investors Chase Nintendo's Stock

No one knows if the Pokémon Go hype will hold, potentially heralding a new age of gaming in which children desert living rooms en masse to chase virtual creatures outdoors. By every measure, however, the game so far continues to be a smash success. That includes the value of Nintendo's stock price, which has gained $18 billion since Pokémon Go was first released on July 6. On Tuesday, $6.6 billion in shares were exchanged - worth more than the combined turnover seen that day on the stock exchanges of Australia, Germany, Hong Kong and Switzerland, Bloomberg reports.

Meanwhile, analysts estimate that Apple could earn $3 billion in revenue from Pokémon Go within the next two years, thanks to users purchasing PokéCoins via the app store, the Guardian reports.

"We believe Apple keeps 30 percent of Pokémon Go's revenue spent on iOS devices, suggesting upside to earnings," Needham & Company brokerage analyst Laura Martin https://www.theguardian.com/technology/2016/jul/21/apple-to-make-3bn-in-revenue-from-pokemon-go wrote in a July 20 client note, Reuters reports. Apple's stock price, meanwhile, has increased by 5 percent in value since the release of the game.

"It's been nuts," Andrew Clarke http://www.bloomberg.com/news/articles/2016-07-20/traders-chasing-pokemon-dream-now-battle-over-nintendo-s-value, Hong Kong-based director of trading at Mirabaud Asia Ltd., tells Bloomberg. "The hype over the game is huge. There's been nothing like this since ... I can't remember really."

*This story has been updated to reflect the July 22 launch of Pokémon Go in Japan.*

131 Cyber Security Tips that Anyone Can Apply

*Looking to sink your teeth into some good security tips you can actually apply?*

Today’s collection of action-ready cyber security advice might be just what you need.

There are no less than 131 ways in which you can improve your online safety, and they’re all FREE to use and apply.

You’ll be surprised by the things you can do to better secure your data! All it takes is spending some time reading the right things and adjusting a few settings.

Applying these security tips feels just as good as digging into a plate of hot, fluffy, syrupy pancakes. Seriously, you have to try it!

Cyber Security Tip #1: How to be realistic about your online presence

Understand that you’re an attractive target for cyber criminals.

If you have money (doesn’t matter how much), data (usernames, passwords, documents, emails, etc.) or a place to work, you’re going to be targeted.

It’s not even personal, as cyber criminals automate most of their attacks.

Don’t ever say “it can’t happen to me.”

Cyber Security Tip #2: The basics of safe online shopping

Online shopping safety: never do it from a device that isn’t yours or on a network you don’t own.

Your data could be copied and harvested by cyber criminals.

Make sure you’re the only one spending your money by:

  • Using a safe network

  • Employing strong passwords (password managers FTW!)

  • Being careful about which websites you shop at

  • Never saving your card details in an online account

  • Verifying your transactions weekly to make sure there’s nothing fishy going on.

Want more tips? Get them here: All the Actionable Tips You Need to Safely Shop Online https://heimdalsecurity.com/blog/ultimate-guide-shopping-online-safely/.

Cyber Security Tip #3: Should you plug that in?

Be careful about what you plug into your computer.

Never use a USB whose source you don’t know! It can be infected with malware that can even resist formatting.

Don’t let curiosity get the best of you.

Cyber Security Tip #4: Who’s that friend request from?

Facebook friends or foes?

Cyber criminals often create fake profiles to befriend you. The ultimate goal is to get you to leak confidential data to them (either about you or the company you work for). Be careful of the friend requests you accept.

Trust no Facebook friend (unless you know them in real life and you’re absolutely, positively sure they can be trusted).

Cyber Security Tip #5: How to protect your passwords in real life

Who’s looking over your shoulder?

*Did you know that bystanders or co-workers can steal your passwords only by peeking at what you’re typing?*

This is especially true if your passwords are as easy as 123456 (please change them if that’s the case).

Take a look around and make sure everything’s safe before typing a password. Also: NEVER share your passwords. Ever.

Cyber Security Tip #6: You still need antivirus (yes, really)

Get protection for your connection!

Do a bit of research and choose an antivirus you trust. Paid is better than free. Antivirus is still very necessary, so don’t skip it.

How to do it: What Is the Best Antivirus for My PC? A Step-By-Step Research Guide https://heimdalsecurity.com/blog/what-is-the-best-antivirus/.

Cyber Security Tip #7: Get your 2-FA on

Use 2-factor authentication everywhere you can. Set it up to receive authentication codes via SMS or in an authenticator app.

Moar layers = moar securiteh!

How to do it: Why You Should Start Using Two-Factor Authentication Now http://heimdalsecurity.com/blog/start-using-two-factor-authentication

Cyber Security Tip #8: Keep it in check

Check your bank statements on a weekly basis (your online banking can help you do that easily).

Look for suspicious activity and, if any, alert your bank, change all passwords related to that account and make sure to activate every security measure available.

Financial malware https://heimdalsecurity.com/blog/online-financial-security-guide/ lurks just around the corner.

Cyber Security Tip #9: Lock it up

Never leave your laptop/smartphone/tablet unlocked while you’re away.

Don’t make it so easy for anyone to get into your system.

Set up a password for your account asap (it’ll only take 2-3 minutes).

Cyber Security Tip #10: How to protect what matters

Prioritize your most sensitive accounts.

Here’s a quick list:

  • Email

  • Online banking / Paypal

  • Amazon / other ecommerce website you use

  • Any account where you’ve put in your card details

  • Any account that has sensitive info (social security number, address, phone no., etc.).

Secure them with strong passwords + two-factor authentication.

Make it as difficult as possible for anyone other than yourself to access them.

Be a cyber security ninja!

Cyber Security Tip #11: Cleaning out your closet

Here’s a tip that applies to both your wardrobe and your apps: if you haven’t used it in the past 6 months, it should go.

Clean out old apps https://heimdalsecurity.com/blog/spring-cleaning-remove-old-software-makes-pc-vulnerable/ you don’t use to get rid of vulnerabilities that cyber criminals can exploit.

Keep it fresh!

Cyber Security Tip #12: A cure for your Internet addiction

How badly do you need to use someone else’s computer?

You can never know if someone else’s computer is infected with malware, has a keylogger (that tracks and stores everything you type on the keyboard) or is simply unsafe.

Stick to your own devices as much as possible.

Cyber Security Tip #13: Trace your digital steps

Do an inventory of your digital footprint.

Step 1: Make a list of your online accounts.

Step 2: Set strong passwords for them. All of them.

Step 3: Delete the accounts you haven’t used in the past 6 months.

Decluttering feels goooood!

Cyber Security Tip #14: Why paranoia can be good

It’s okay to be (a little) paranoid.

Being aware of what’s going on, online and offline, can help you keep safe from compromise. Simple rules to live by online: If it sounds/looks too good to be true, it’s probably not true. If it looks fishy, better stay away. If someone asks for your confidential data, don’t give it to them.

In small doses, paranoia is a good thing.

Cyber Security Tip #15: Ulterior motives

LinkedIn recruiter or attacker in disguise?

Cyber criminals often create fake LinkedIn profiles to gain access to details about you that they can use later. They collect data about your studies, names of employers and connections, etc.

Check out their profiles before accepting their connection request. Warning signs to look for:

  • too little, generic info

  • picture that looks like stock photography

  • Very few connections.

Cyber Security Tip #16: How to automate software updates for free

*Did you know that updating your apps can prevent 85% of targeted attacks?* (According to US-CERT http://www.zdnet.com/article/in-patches-we-trust-why-software-updates-have-to-get-better/#ftag=RSSbaffb68.)

Rule of thumb: keep your operating system and your applications up to date. All. The. Time. No exceptions!

*Don’t have time / don’t feel like dealing with constant updates for your apps?* Get Heimdal FREE http://heimdalsecurityagent.com/en/products/heimdal-free and let it do it for you.

Update me, baby, one more time!

Cyber Security Tip #17: Beef up your passwords

One of the key pieces of advice that all cyber security specialists give is so simple it’ll blow your mind:

Never, ever (ever, ever, ever!) reuse passwords!

And don’t think that choosing “password123” and “passwords1234” means you’re doing it right.

This is what a good password looks like (but don’t use this one): c.*%7(:wQ,28{T^7

Online password generator: https://identitysafe.norton.com/password-generator/

Check your passwords’ strength: https://howsecureismypassword.net/

Can’t remember them? (Of course you can’t. I can’t either.) Use a password manager.

Cyber Security Tip #18: Be wary of social engineering

Social engineering is quite big with cyber criminals.

What it is: a type of psychological manipulation to get people to bypass normal security procedures or divulge confidential information.

How it can happen:

  • At home: someone pretending to be from your bank can call to ask you for your online banking password via a link provided by that person. Your password could be harvested and then used to empty your account.

  • In the workplace: a contractor your company works with asks for private company information that grants access into your system.

In both cases, your answer should be a big, fat NO. Check with your boss and double-check the request directly with any company/institution before providing any confidential info.

Cyber Security Tip #19: Ransomware 101

Ransomware is one of the biggest cyber threats out there. What it does is encrypt ALL your data and lock you out. It then asks for a ransom, typically between $200 and $500, to give you the decryption key.

To protect yourself against ransomware, do this:

  • Do frequent data backups (in multiple locations)

  • Don’t keep vital information only on your computer

  • Never access .zip attachments in e-mails from unknown senders

  • Don’t click links in e-mails from unknown senders

  • Keep your OS and apps up to date at all times

  • Use a reliable antivirus

  • Add another layer of security with a product that protects you from attacks that antivirus can’t block (Heimdal PRO https://heimdalsecurity.com/en/products/heimdal-pro is an option).

Wanna know more? Check out this anti-ransomware protection guide https://heimdalsecurity.com/blog/what-is-ransomware-protection/.

Cyber Security Tip #20: Too good to be hacked

A lot of people think:

“I don’t need security programs because I don’t access unsafe locations.”

First of all, even legit websites can be compromised. Second of all, there are plenty of attacks that happen without user action (aka clicking on something, downloading data, etc.) – they’re called drive-by attacks. Third, even if you were a cyber security expert, there are still plenty of vulnerabilities that attackers can exploit to get to you.

To be safe online is quite similar to driving your car. You may have common sense and pay attention to potential dangers, *but can you always predict what others are doing around you, in traffic?*

Don’t think you’re too good to be hacked. You’re not. No one is. (Sorry to burst your bubble there.)

See the source post with the remaining free Cyber Tips from Heimdal Security here:

https://heimdalsecurity.com/blog/cyber-security-tips/

Fwd: Ransomware Tips: Fighting the Epidemic

Kaspersky's Vitaly Kamluk Shares Insights on Protection, Regional Trends

Ransomware has fast become a chronic issue globally, and the impacts are being felt in Southeast Asia. In India, for instance, while there isn't much reporting happening, it is common knowledge that government and BFSI institutions are hot targets. Ransomware is popular with cybercriminals because it often leads to easy money. Enterprises find it expedient to pay a small ransom and make the problem go away, rather than suffer business downtime.

Vitaly Kamluk, Kaspersky Lab's director of the global research and analysis team in APAC, argues that paying the ransom is a bad idea. It can be bad for the ecosystem, reinforcing the cybercriminal business model. And it can also be bad for the enterprise, where instances of further ransom demands are not unheard of, he says. In some cases, the keys are never shared (see: *Ransomware: Is It Ever OK to Pay?* http://www.inforisktoday.asia/ransomware-ever-ok-to-pay-a-9036).

"Ransomware is a very common and emerging problem in the whole of Southeast Asia and in India specifically," Kamluk says in an interview with Information Security Media Group. "In fact, according to Kaspersky sensors, India has the highest number of infections for TeslaCrypt - one of the most popular ransomware variants."

Encryption-based http://www.inforisktoday.asia/encryption-c-209 ransomware is the bigger threat, because these attacks use cryptographic algorithms that are not breakable at the moment, he says. The secret key used by the ransomware is critical to decrypt victim data. While security companies have sometimes been able to find vulnerabilities in the implementation of crypto-algorithms in the malware, leading to a possibility of decrypting the data without knowing the key, this is only in the case of specific symmetric encryption, he says. In cases where the more advanced asymmetric encryption is used, decryption without the key is not possible (see: *Phishing, Ransomware on the Rise* http://www.inforisktoday.asia/phishing-ransomware-on-rise-a-8955#.VuFsBhZawoI.twitter ).

In such cases, collaboration with law enforcement and ISPs has been successful, with law enforcement authorities taking down the servers being used by cybercriminals and then allowing security players like Kaspersky access to the hard drives to extract keys. Some public decryption is now possible due to this and cases such as the TeslaCrypt ransomware, where the keys have been released to the public by the authors. Free tools have been built to help decrypt data where such crypto keys are publicly available, he says.

Of course, prevention is always better, and some easy steps can be followed to minimize exposure. Ensure that proper awareness training is given to employees on the risks and attack vectors used by ransomware, Kamluk advises. Use a good AV product and also ensure that your system is up to date. If your systems are not patched and updated, you could still get infected even when visiting a trusted site, through malicious injections in the ad-banner networks that can lead to an automatic compromise (see: *No-Brainer Ransomware Defenses* http://www.inforisktoday.asia/interviews/no-brainer-ransomware-defenses-i-3227).

"Cybercriminals are relying on the fact that users are lazy and don't update their systems. That is why many vulnerabilities that have been patched are still working and can be exploited to compromise systems," he says.

In this interview, Kamluk http://www.inforisktoday.asia/compromised-rdp-server-tally-from-xdedic-may-be-higher-a-9218 shares tips and techniques to better protect against the prevalent ransomware attack trends in the region. He also shares broader insight on the Asian security landscape, commenting on:

  • Attack trends and types of threat actors;
  • Attacker motivation and changing landscape;
  • Emerging threats to prepare for.

Kamluk is Kaspersky Lab's director of the global research and analysis team in APAC and has been involved in malware research at the firm since 2005. In 2008, he was appointed senior anti-virus expert, before going on to become director of the EEMEA Research Center in 2009. He spent a year in Japan focusing on major local threats affecting the region. In 2014, he was seconded to the INTERPOL Global Complex for Innovation in Singapore, where he works in the INTERPOL Digital Crime Center specializing in malware reverse engineering, digital forensics and cybercrime investigation. He remains a principal security researcher at Kaspersky Lab.

Read the source post on Data Breach Today:

http://www.databreachtoday.com/interviews/ransomware-tips-fighting-epidemic-i-3257

Hospitals and Ransomware: The Temptation to Pay

Some healthcare entities may be more likely than organizations in other sectors to pay extortionists to unlock data that's been encrypted in ransomware http://www.healthcareinfosecurity.com/anti-malware-c-309 attacks because patients' lives are potentially at risk if data is unavailable, says privacy http://www.healthcareinfosecurity.com/privacy-c-151 and security expert Kate Borten.

"Even though law enforcement would say 'don't pay, these guys are criminals, and we don't want to encourage criminal behavior, and you can't trust them,' ... the reality is that this is a business decision, and each organization needs to consider what the impact is," says Borten, founder and president of consulting firm The Marblehead Group.

"In healthcare, for provider organizations, the ultimate [consideration] is patient care, and if the attack has the potential to affect care of patients, then I think we see hospitals ... paying the ransom in some cases."

For example, Hollywood Presbyterian Medical Center http://www.healthcareinfosecurity.com/ransomware-hits-hospitals-a-8872 in February said it paid attackers about $17,000 in bitcoin to unlock patient data after a ransomware scheme.

Healthcare entities need to keep in mind that there are other potential threats posed by ransomware beyond locking up patient information, Borten notes. "We can never assume that all it's doing is simply encrypting http://www.healthcareinfosecurity.com/encryption-c-209 the data. That might be what we see because we can't get to our files, but there may be much more going on."

Organizations can avoid having to make a difficult decision about whether to pay a ransom after an attack, Borten says, if they take appropriate defensive precautions, such as properly backing up data to ensure availability.

In an interview at the Boston Fraud and Breach Prevention Summit http://events.ismgcorp.com/event/fraud-breach-prevention-boston-2016/?rf=trending, Borten also discusses:

Before founding The Marblehead Group http://marbleheadgroup.com/, Borten led the enterprisewide security program at Massachusetts General Hospital in Boston and established the first information security program at Beth Israel Deaconess Medical Center and its parent organization, CareGroup, as its CISO.

Read the source post by Data Breach Today

http://www.databreachtoday.com/hospitals-ransomware-temptation-to-pay-a-9268

Databases from Hot Scripts, Mac Forums, Web Hosting Talk Surface on the Dark Web

Almost 1.7 million users affected by latest breaches

A hacker who goes by the name of uid0 claims to have breached three websites belonging to Penton Technology: Hot Scripts, Mac Forums, and Web Hosting Talk.

The hacker is now selling the data through The Real Deal Dark Web marketplace, like many other hackers have done before him.

vBulletin zero-day?

In an encrypted conversation with your reporter, the hacker claims that he was able to obtain full database dumps from all three websites. This includes user records, private messages, site content, hashed and salted passwords.

Two of these websites, Mac Forums and Web Hosting Talk, run on the vBulletin forum platform. The hacker claims that he's in possession of a vBulletin zero-day, which allowed him access to these two sites.

It is currently unclear how the hacker breached the Hot Scripts service but shared servers might explain how he was able to acquire this service's database. This scenario is only unconfirmed speculation since Penton has yet to respond to Softpedia's request for comments.

Hacker leaks data for nearly 1.7 million users

According to uid0, the Mac Forums database contains the private details of over 291,000 users, the Hot Scripts database comprises details of over one million users, and the Web Hosting Talk data dump contains details on over 400,000 users.

The hacker is asking for 1.2 Bitcoin (~$800) for the Mac Forums database, and 3 Bitcoin (~$2,000) for each of the Hot Scripts and Web Hosting Talk databases.

In recent months, several database dumps belonging to LinkedIn, Tumblr, and MySpace have surfaced years after hackers breached those services. The hacker claims to have breached and dumped the data this year, in 2016.

Your reporter was not able to verify the validity of the hacker's data because uid0 deferred the release of sample data to a later date. On the Dark Web marketplace, the seller has a 100% positive feedback, meaning previous buyers have not complained about fake data.

Softpedia has also reached out to vBulletin regarding the hacker's claim to be in possession of a zero-day vulnerability.

Affected users should reset passwords ASAP

Users of these three services are advised to reset their passwords as soon as possible to avoid having their accounts compromised.

If they used the same username-password combo on other sites, they should change those credentials as well, since crooks have started to launch brute-force attacks on accounts on other sites using previously compromised credentials. One such service that has seen this kind of attack is GitHub. Netflix and Facebook have taken special steps to prevent similar incidents.

Additionally, many of today's CEOs have had various social media accounts hacked using this type of method. The most famous case is Mark Zuckerberg, who had his Twitter and Pinterest accounts hacked because he used the same password he employed for his LinkedIn account, which was included in the recent publicly disclosed breach, also available for sale on the Dark Web.

Read more: http://news.softpedia.com/news/databases-from-hot-scripts-mac-forums-web-hosting-talk-surface-on-the-dark-web-506129.shtml#ixzz4E71deqQV

Mac-Forums, Hot Scripts, and Web Hosting Talk databases for sale

Three websites owned by Penton Technology, acquired in 2015 as part of the purchase of iNET Interactive – MacForums.com, HotScripts.com, and WebHostingTalk.com – have been compromised and their databases are now being sold on the Darknet.


On TheRealDeal website, a vendor with a solid reputation is offering the Mac-Forums database for ~$775.00, which includes 291,214 accounts.

The Hot Scripts database, with more than a million users, is currently going for ~$1,900.00.

The Web Hosting Talk database, with 498,321 users, is also available for ~$1,900.00.

Salted Hash has reached out to Penton Technology for additional details and comment. We'll update this story should they respond. For now, if you have an account on one of these websites, you should change your password.

Earlier this morning, Salted Hash reported the news that a number of Apple IDs have been compromised; leading some to speculate that there's been a breach at Apple. However, while a breach isn't confirmed – it's just a rumor at this point – what is verifiable is the trend of Apple devices being held for ransom.

It's possible that many of the ransom victims have been recycling their Apple ID credentials on other websites that have been compromised such as LinkedIn, or more recently Mac-Forums or Hot Scripts.

Source: http://www.csoonline.com/article/3093018/security/mac-forums-hot-scripts-and-web-hosting-talk-databases-for-sale.html

MailEdge.net Global Infrastructure and MX Records

Our spam-filtering services, delivered via http://www.MailEdge.net, are powered and hosted in multiple datacenter locations across the globe, supported by our partnership with i3D.net.

Priority Balanced MX Records for our service offerings - reinforced by i3D.net network infrastructure.

i3D.net Company Information

i3D.net is a managed-hosting provider based in Rotterdam, the Netherlands, serving over 31,000 customers on 10,000 i3D.net servers in 16 data-center locations worldwide. i3D.net was founded in 2004 in Rotterdam and enjoys a long tradition of award-winning company growth: It is listed in the Deloitte Technology Fast 500 as the fastest growing hosting company in the Benelux and it is the winner of the FD Gouden Gazellen award as fastest growing profitable company in 2009-2012. The i3D.net team of highly-skilled technical engineers provides online infrastructure services and managed-hosting solutions to a broad range of organizations. Customers from the government, education, health care, sports, gaming, web-shop, hosting and print sectors are currently being supported by i3D.net services. i3D.net owns data centers and over 10,000 servers worldwide; we are a fast-growing and financially solid organization. We are AA rated as measured by independent financial institutions. i3D.net is certified and audited annually on the CDSA (Content Protection & Security) certification.

i3D.net Datacenters

In 2009, i3D.net founded a flagship data-center in Rotterdam, the Netherlands, which has grown into the largest Rotterdam internet exchange: SmartDC. The data center is 36,000 ft² in size and has a power capacity of 12 MW. The SmartDC datacenter is located in the monumental Van Nelle plant in Rotterdam which is on the UNESCO World Heritage tentative list.

SmartDC is well known for its unique suite concept featuring private cages and suites built as a data center within a data center. Every suite is a stand-alone data center with dedicated cooling, power breakers, security measures and fire suppression. SmartDC builds and operates these suites. The SmartDC data centers are ISO/IEC 27001 and CDSA (Content Protection & Security) certified and audited yearly.

The data center was built to offer Tier-3+ specifications with N+1 cooling, N+1 uninterruptible power supplies (UPS), N+1 generators and two transformers providing 23,000-volt mains power for a total potential power usage of 12 megawatts (MW). The meet-me-room (MMR) provides connectivity to Tier-1 and Tier-2 carriers.

i3D.net Network

We operate a large internet ‘backbone’ across Europe and the United States which is connected to over 1,600 peers on the world’s largest internet exchanges: AMS-IX, DE-CIX, LINX, NL-ix, PLIX, NoVA and multiple tier-1 providers such as Level3, NTT and DTAG. The i3D.net network uses AS49544 and provides a capacity of 435 Gigabit/s. The core network architecture is MPLS-based and runs on Brocade MLXe core routers.


i3D.net winner of Gouden Gazellen

In November 2012, i3D.net won the Financieele Dagblad Gouden Gazellen award for fastest-growing profitable company in South Holland. The company is also ranked, for the fourth year, in the Deloitte Fast 500 EMEA of fastest-growing technology companies.

i3D.net facts

  • Owns and operates over 10,000 servers
  • Provides data-center housing for colocation servers
  • 16 locations worldwide
  • 24/7 technical support
  • Certified professionals
  • Ranked among the Deloitte Fast 500 fastest-growing technology companies
  • Winner of the Financieele Dagblad ‘Gouden Gazellen’ award
  • CDSA-audited for Content Protection & Security
  • ISO/IEC 27001-audited data centers
  • Member of the Dutch Hosting Provider Association (DHPA)
  • The i3D.net management has over 10 years of experience in the industry

SpamExperts | MailEdge.net Top Software Updates 2nd Quarter 2016

June is coming to an end, and so is the second quarter of 2016, which means it is time for another Software Updates blog post. We have been hard at work adding new features and improving existing ones, and implementing new ways to combat spam, phishing attempts and similar hazards.

Before we go in depth on what is new in our software, frontend/GUI, and plugins & integration, we want to thank our development team for the great updates this quarter.

Archive Indexing Upgrades

The SpamExperts email archiving product indexes not just the text content of emails, but also the message headers, text found in images attached to messages, and text in PDF and Microsoft Word attachments. Via the Control Panel, clients can now disable and re-enable indexing of each type of content on the archive "Settings" page for each domain.

Custom Cluster Configuration

We have implemented new capabilities in how server roles are assigned within the cluster. Multiple logging servers or quarantine servers can now be used when needed. This is especially useful on large clusters that dedicate several servers to a single role to share the logging and quarantining load.

SSO for LDAP

As of June, it is possible to use SSO against an LDAP server: email users can log in to the web interface with the credentials from their company's own internal directory, by authenticating against that LDAP server.
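As an added illustration of the search-then-bind flow such an LDAP login uses (this is not SpamExperts' code; the DNs, addresses and the in-memory `FakeDirectory` are constructed stand-ins for a real server and client library), the two checks a practitioner should not skip are escaping the username before it goes into the search filter (RFC 4515) and refusing empty passwords, since an empty-password bind is an anonymous bind that many servers accept:

```python
"""Search-then-bind LDAP login, as used for web SSO against a corporate directory.

Added example, not SpamExperts' code. The directory is a constructed in-memory
stand-in so the logic runs offline; swap FakeDirectory for a real client
(e.g. ldap3) to talk to a server. All DNs and addresses below are made up.
"""
import secrets

# RFC 4515 escaping: a username must never be spliced into a search filter
# raw, or "*", "(", ")" and "\" let the caller rewrite the query.
_FILTER_ESCAPES = {
    "\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00",
}

def escape_filter_value(value: str) -> str:
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)

def build_user_filter(username: str, attr: str = "mail") -> str:
    return f"(&(objectClass=person)({attr}={escape_filter_value(username)}))"


class FakeDirectory:
    """Constructed stand-in for an LDAP server: search by filter, bind by DN."""

    def __init__(self, entries):
        # entries: {dn: {"mail": ..., "userPassword": ...}}
        self.entries = entries

    def search(self, base_dn: str, ldap_filter: str):
        # Only understands the exact equality filter build_user_filter emits.
        prefix = "(&(objectClass=person)(mail="
        assert ldap_filter.startswith(prefix) and ldap_filter.endswith("))")
        wanted = ldap_filter[len(prefix):-2]
        return [dn for dn, attrs in self.entries.items()
                if dn.endswith(base_dn) and escape_filter_value(attrs["mail"]) == wanted]

    def bind(self, dn: str, password: str) -> bool:
        # Mirrors real servers: an empty password is an *anonymous* bind,
        # which "succeeds" without proving identity (RFC 4513 section 5.1.2).
        if password == "":
            return True
        entry = self.entries.get(dn)
        return entry is not None and secrets.compare_digest(
            entry["userPassword"].encode(), password.encode())


def authenticate(directory, base_dn: str, username: str, password: str):
    """Return the user's DN on success, None otherwise."""
    # Reject empty passwords *before* binding, or the anonymous-bind quirk
    # above turns any known address into a free login.
    if not username or not password:
        return None
    matches = directory.search(base_dn, build_user_filter(username))
    if len(matches) != 1:          # unknown user, or ambiguous match
        return None
    dn = matches[0]
    return dn if directory.bind(dn, password) else None


# Constructed sample directory.
DIRECTORY = FakeDirectory({
    "uid=alice,ou=people,dc=example,dc=com": {"mail": "alice@example.com", "userPassword": "hunter2"},
    "uid=bob,ou=people,dc=example,dc=com":   {"mail": "bob@example.com",   "userPassword": "s3cret"},
})
BASE_DN = "ou=people,dc=example,dc=com"

if __name__ == "__main__":
    print(authenticate(DIRECTORY, BASE_DN, "alice@example.com", "hunter2"))  # alice's DN
    print(authenticate(DIRECTORY, BASE_DN, "alice@example.com", ""))         # None
    print(authenticate(DIRECTORY, BASE_DN, "*)(mail=*", "hunter2"))          # None
```

The filter is built from the escaped value so a username such as `*)(mail=*` searches for that literal string instead of matching every person entry, and the empty-password check lives in `authenticate` rather than relying on the server, because the fake `bind` shows exactly how an unprotected server would answer.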

For more information about LDAP authentication, please check this article: https://my.spamexperts.com/kb/738/LDAP-Syncronization.html.

UI Improvements

Upgraded Attachment Restrictions Page

The “Attachment Restrictions” page has received a few new features that improve the user experience, such as the option to block potentially unwanted attachments and messages that contain many defects. To better convey what the “Block dangerous attachments” option does, we renamed it to “Block attachments that contain hidden executables”.
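To make concrete what "hidden executables" means in practice, here is an added example (not SpamExperts' implementation; the file names and contents are constructed) that decides by the attachment's leading bytes rather than by its extension, and looks inside ZIP archives as well, with a depth bound and a per-member read cap so a nested or oversized archive cannot stall the filter:

```python
"""Flag attachments whose *content* is an executable, whatever the filename says.

Added illustration of the idea behind a "block attachments that contain hidden
executables" rule; it is not SpamExperts' implementation. Samples are built
inline and the file names are made up.
"""
import io
import zipfile

# Leading bytes of common executable formats.
EXECUTABLE_MAGIC = {
    b"MZ": "pe",                    # Windows PE / MS-DOS stub
    b"\x7fELF": "elf",              # Linux/Unix ELF
    b"\xcf\xfa\xed\xfe": "macho64", # 64-bit Mach-O
    b"\xfe\xed\xfa\xce": "macho32", # 32-bit Mach-O
    b"#!": "script",                # interpreter shebang
}
MAX_DEPTH = 3           # bound recursion into nested archives
MAX_MEMBER = 1024 * 1024  # bytes read per archive member, regardless of claimed size

def sniff(data: bytes):
    """Return the executable type matched by the leading bytes, or None."""
    for magic, kind in EXECUTABLE_MAGIC.items():
        if data.startswith(magic):
            return kind
    return None

def find_hidden_executables(name: str, data: bytes, depth: int = 0):
    """Yield (path, kind) for every executable found in data or in ZIP
    archives nested inside it. The declared extension is deliberately ignored."""
    kind = sniff(data)
    if kind:
        yield name, kind
        return
    if depth >= MAX_DEPTH or not zipfile.is_zipfile(io.BytesIO(data)):
        return
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            member = zf.open(info).read(MAX_MEMBER)
            yield from find_hidden_executables(f"{name}/{info.filename}", member, depth + 1)

def should_block(name: str, data: bytes) -> bool:
    return any(True for _ in find_hidden_executables(name, data))


def _zip(members):
    """Build a ZIP archive in memory from {member_name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for member_name, payload in members.items():
            zf.writestr(member_name, payload)
    return buf.getvalue()

# Constructed sample attachments.
SAMPLES = {
    "invoice.pdf":  b"%PDF-1.4\n%harmless\n",
    "invoice2.pdf": b"MZ\x90\x00" + b"\x00" * 60,                        # PE disguised as PDF
    "photos.zip":   _zip({"img/cat.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 16}),
    "docs.zip":     _zip({"readme.txt": b"\x7fELF\x02\x01\x01" + b"\x00" * 16}),
    "nested.zip":   _zip({"inner.zip": _zip({"run.dat": b"#!/bin/sh\nid\n"})}),
}

def scan_all(samples=SAMPLES):
    return {name: list(find_hidden_executables(name, data)) for name, data in samples.items()}

if __name__ == "__main__":
    for name, hits in scan_all().items():
        print(f"{name:13} {'BLOCK' if hits else 'ok   '} {hits}")
```

An extension blacklist would pass every one of the three malicious samples above, since none of them carries an executable extension; a real filter would add further container formats (RAR, 7z, ISO, OLE) and treat encrypted archives it cannot open as their own category.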

Furthermore, we have reorganised the “Blocked Extensions” section so that it is easier to work with.

Locking Senders from the Control Panel

SpamExperts clients can now lock a problematic sender immediately, directly from the web interface, so that the sender cannot do any more damage while the client contacts them to resolve the problem.

For a step-by-step tutorial, please refer to our Knowledgebase article https://my.spamexperts.com/kb/731/Outbound-Spam-Monitoring.html (see the chapter “Locking senders based on the Identity header within the Control Panel”).

New/Updated Features

Verify Domain Ownership

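The CNAME-based check described in this section works along the following lines. This is an added example, not SpamExperts' code; the record label `_mailfilter-verify`, the target zone `verify.example-filter.net` and the in-memory zone used in place of a live resolver are all hypothetical. The points it illustrates are that the token must be random (so it cannot be derived from the domain name), that the record must live under the domain being claimed, and that the whole CNAME target is compared rather than just a prefix:

```python
"""CNAME-based proof of DNS control for a domain.

Added example, not SpamExperts' code. The record label, the target zone and
the fake zone data are made up so the check runs offline. For a live check,
replace fake_resolve with a real resolver, e.g. dnspython's
dns.resolver.resolve(name, "CNAME").
"""
import secrets

VERIFY_LABEL = "_mailfilter-verify"               # hypothetical record label
VERIFY_TARGET_ZONE = "verify.example-filter.net"  # hypothetical target zone

def _normalise(name: str) -> str:
    return name.lower().rstrip(".")

def issue_challenge(domain: str) -> dict:
    """Create the record a domain owner must publish. The token is random, so
    someone who does not own the domain cannot predict it from the name."""
    domain = _normalise(domain)
    token = secrets.token_hex(16)
    return {
        "domain": domain,
        "token": token,
        "name": f"{VERIFY_LABEL}.{domain}",        # record lives under the claimed domain
        "target": f"{token}.{VERIFY_TARGET_ZONE}",
    }

def verify_challenge(challenge: dict, resolve_cname) -> bool:
    """resolve_cname(name) -> list of CNAME targets (empty if none)."""
    expected = _normalise(challenge["target"]).encode()
    found = [_normalise(t).encode() for t in resolve_cname(challenge["name"])]
    # Compare the full target: a CNAME into the right zone with the wrong
    # token, or a wildcard CNAME somewhere else, must not pass.
    return any(secrets.compare_digest(t, expected) for t in found)


# Constructed zone data standing in for live DNS lookups.
FAKE_ZONE = {}

def fake_resolve(name: str):
    return FAKE_ZONE.get(_normalise(name), [])

def demo():
    good = issue_challenge("Customer.Example.")
    # Owner publishes the record; resolvers return targets with a trailing dot.
    FAKE_ZONE[good["name"]] = [good["target"] + "."]

    rotated = issue_challenge("customer.example")   # new token, old record still published
    wrong = issue_challenge("other.example")
    FAKE_ZONE[wrong["name"]] = [f"deadbeef.{VERIFY_TARGET_ZONE}"]  # right zone, wrong token

    return {
        "good": verify_challenge(good, fake_resolve),
        "rotated_token": verify_challenge(rotated, fake_resolve),
        "wrong_token": verify_challenge(wrong, fake_resolve),
        "unpublished": verify_challenge(issue_challenge("nothing.example"), fake_resolve),
    }

if __name__ == "__main__":
    print(demo())
```

Because the record name is derived from the domain rather than chosen by the user, a user can only ever prove control of the zone they are actually claiming; a production implementation would also bind the token to the requesting account and expire it.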
We have created a new method to verify ownership of a domain without the control panel having to grant access to all domain-level users. For the incoming filter this is straightforward, but for the outgoing filter things are trickier. The new method simply lets a user (at domain level or higher) demonstrate that he or she controls the DNS for a domain by adding a single CNAME record. This functionality is found on the dashboard in the “Domains” section, under “Domain ownership”. In later updates we will use it to provide secure and private access to outgoing-filter users’ mail at levels below super-user.

Select Archived Message Download

There is a new feature that lets users easily download a range of messages matching whatever search criteria they choose. The download happens in the browser, and users receive a .zip archive containing the messages in standard RFC 5322 format. It is the most convenient way of retrieving specific messages quickly, rather than using the more complex export functionality to pull the bulk of messages all at once.

Exposed Statistics Page at the Admin Level

The “Manage Admins” page in the web interface has been updated to show admins and their sub-admins. A super-admin can now see a list of all admins and their related sub-admins in the cluster.

Plugins and Integration

We have added documentation for a new plugin for HostBill, a leading billing and automation platform. See https://my.spamexperts.com/kb/763/HostBill-Integration.html for details. Our partners at HostBill provided the integration and are maintaining it to keep it as smooth as possible. The integration is aimed at two user levels, Reseller and Single User.

Significant improvements have been made to the APS 2.0 add-on; the changes can be viewed on public GitHub: https://github.com/SpamExperts/aps2-addon/blame/master/src/APP-META.xml.

We constantly seek new ways to maintain our products and deliver industry-standard software and service. Any feedback is welcome, as we aim to provide a tailored user experience for our clients while effectively combating spam.
