Bogus Invoices produced by Dropbox Phishing campaign

Scottsdale, AZ – November 14, 2016: Yet again, Cloud storage giant Dropbox wreaks security related troubles through a malware-based phishing blast that attempts to impersonate itself as a Dropbox notification email.

According to AppRver an email and web security firm, the phishing email alerts the recipient that they’ve must download an invoice file via a link provided in their email. The message claims that the invoice is for work completed for language translation.

“The download link within the message is an exploited SharePoint URL where the .zip file is stored. From the live samples we’ve seen, it appears that this is an isolated source of the malware and that it hasn’t spread to other SharePoint sites,” AppRiver said in a report.

In a recent report shared with Infosecurity,  Tools and Osterman Research said that phishing campaigns like this one are up several hundred percent this year—and all too often, those campaigns are delivering ransomware.

The report said that 51% of C-level and IT execs have experienced between one and five phishing or ransomware incidents in the past year, while nearly a quarter have experienced six or more. There are now 4,000 ransomware attacks occurring daily, a 300% increase from 2015, the report found.

For information on how to get rid of malware, visit www.jupitersupport.com or call 1-800-860-8467.

0 votes, 0.00 avg. rating (0% score)
Posted in General | Leave a comment

Cybercrime to surpass $6 Trillion by 2021: Cybersecurity Ventures

Scottsdale, AZ – November 14, 2016: A report by information-security analyst firm, Cybersecurity Ventures, estimates that cybercrime will double within just five years, reaching $6-trillion annually by 2012, up from an expected $3-trillion this year.

“One of the reasons that cybercrime damage is rapidly on the rise is because of everything that is computerized and connected to the Internet,” said Rohit Pillai, tech support analyst with Jupiter Support, an online remote tech support organization.

Other key findings in the report include:

  • By 2020, the dramatic increase in the number of people and devices connected to the Internet will need 50 times the protection than it needs today

  • The number of points at which an attacker can target is expected to grow ten times larger over the next five years.

  • There is no effective law enforcement against financial cybercrime today.

The best way to protect yourself against the rising tide of cybercrime is to be prepared. Visit www.jupitersupport.com for more information.

0 votes, 0.00 avg. rating (0% score)
Posted in General | Leave a comment

Disabling Cortana is still possible with Windows 10 Anniversary Updates

Scottsdale, AZ – November 14, 2016: Disabling Cortana is now not as simple as it was. This is because the toggle switch has been removed with the Windows 10 Anniversary Updates. It has to be manually disabled through the registry editor, Jupiter Support, a remote tech support organization said.

Jupiter Support lays out the manual process to disable Cortana, as follows:

  1. Press the Windows button and R on your keyboard to open the Run window

  2. In the window, type regedit and click OK

  3. Using the path tree in the left of the Registry Editor – navigate to the following path

      HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows S

  1. if you do not have the ‘Windows Search’ path you will need to create by following these steps

  2. Right-click on the ‘Windows’ path click on ‘New’ then ‘Key’

  3. Enter the name – Windows Search

  4. Right-click on the ‘Windows Search’ path and click on ‘New’ then‘DWORD (32-bit) Value’

  5. Enter the name – AllowCortana

  6. The default value should be 0 (zero) – if it is not – double click on it and set it to 0

  7. Restart the computer and standard non-Cortana search will be back again.

For more Windows 10 tips and tricks, visit www.jupitersupport.com or call 1-800-860-8467.
0 votes, 0.00 avg. rating (0% score)
Posted in General | Leave a comment

Instapaper now free for everyone

Instapaper is dropping its monthly subscription and will begin offering its service ad-free to all users. All of Instapaper’s Premium features, including full-text article searches and speed-reading, will also be opened up to everyone.

This is a big shift for Instapaper, and one that’s clearly driven by its recent acquisition by Pinterest. Before today, Instapaper offered a $2.99 per month (or $29.99 per year) subscription to support itself. But in doing so, it placed some of the service’s unique and helpful features behind a paywall, making it harder to stand out from its much-loved competitor, Pocket.

In opening those features up to everyone, Instapaper starts presenting a more compelling offering. It’s now including various features for free — like full-text searches and ad-free browsing — that Pocket charges for. The services are more-or-less equivalent, so that might be enough to win over people undecided on which read-it-later app to start using.

The app has gone through several different business models — free with ads, paid only, paid with optional subscription, free with optional subscription — and gone through three different owners -its founder, then Betaworks, now Pinterest. If subscriptions were bringing in a meaningful amount of revenue, Pinterest probably would have let them be.

Pinterest says it has “no new monetization plans to share at this time” for Instapaper. The decision to drop subscriptions, Pinterest says, was simply a matter of the app being “better resourced,” so that it can “offer everyone the best version.” Those resources may be Instapaper’s best chance at taking on Pocket.

0 votes, 0.00 avg. rating (0% score)
Posted in General | Leave a comment

Election hacking FAQs

From Hillary’s vulnerable email server to the string of Russia-linked email dumps, digital security has been one of the major forces driving the news. So far, all the hacks have been about information — in their way, not so different from October Surprises and smear campaigns of previous elections — but they raise an even more troubling question. With allegedly state-sponsored hackers already playing an active role in the campaign, could the integrity of voting itself be at stake?

Voting machines

Voting machines are terrible in basically every way. They’re expensive, old, prone to failure, and unpleasant to look at, but they’re also not that hard to break into. Computer scientists have been demonstrating that for at least 10 years, generally by physically cracking open the machines and installing election-rigging software. Election boards have been slow to respond, and the demonstrations have just gotten better as the years go by.

Voter data

This year has already seen attacks against voter registration systems in Arizona and Illinois, with the latter attack bringing down the system for 10 days and stealing data on as many as 200,000 voters. If an attacker went farther, actively erasing certain voters from the rolls, it could easily cause havoc on election day.

The good news is that, like the voting machines, rolls are distributed. Hackers might compromise the election board’s version of the voter registration list, but there would be plenty of other evidence that each voter was registered, including previously distributed voter rolls and actual registration forms.

0 votes, 0.00 avg. rating (0% score)
Posted in General | Leave a comment

LinkedIn can now help you determine the salary you deserve

LinkedIn recently introduced a new tool called LinkedIn Salary that aims to help users learn more about the salaries in their industry and how making changes to their current career impacts how much they make.

When you enter a job title and a city, the tool brings results of the median earnings individuals with that job title in the city you selected. Besides base salary, it also takes into account other forms of compensation, like bonuses and stock options.

LinkedIn, which is increasingly focusing on a data-driven approach to its services, will also let you dig into the salary data so you can get a better idea of how different factors impact salaries in a given field. For example, it will show how salaries for a given role vary by company, as well as how company size and education level impact earnings.

LinkedIn is not the first company to try to bring more transparency to salary information — Glassdoor has a similar product for helping people determine whether they are being paid fairly — but the company says it is more focused on helping its users maximize their potential rather than assessing fairness or whether a particular salary is competitive.

Instead, the goal of all of this, LinkedIn says, is to “help professionals around the world make better career decisions and optimize their earning potential now.” And the company says we can expect to see it integrate salary information into more parts of its network in the future (LinkedIn Premium users will also see salary details in the site’s job search results.) LinkedIn Salary is available to all the site’s users, though those who don’t subscribe to a paid tier will need to first enter their own salary before they can access all of the information.

0 votes, 0.00 avg. rating (0% score)
Posted in General | Leave a comment

Google rebuked for disclosure of Windows Bug

Google on Monday posted to the Internet a previously unpublicized flaw that could pose a security threat to users of the Microsoft Windows operating system.

Google notified both Microsoft and Adobe of zero day vulnerabilities in their software on Oct. 21, wrote Neel Mehta and Billy Leonard, members of Google’s Threat Analysis Group, in an online post.

Google has a policy of making critical vulnerabilities public seven days after it informs a software maker about them. Adobe was able to fix its vulnerability within seven days; Microsoft was not.

“This vulnerability is particularly serious because we know it is being actively exploited,” wrote Mehta and Leonard.

However, Google’s Chrome browser prevents exploitation of the vulnerability when running in Windows 10, they added.

“We disagree with Google’s characterization of a local elevation of privilege as ‘critical’ and ‘particularly serious,’ since the attack scenario they describe is fully mitigated by the deployment of the Adobe Flash update released last week,” Microsoft said.

After cracking a system, hackers typically try to elevate their privileges in it to obtain access to increasingly sensitive data.

“Additionally, our analysis indicates that this specific attack was never effective against the Windows 10 Anniversary Update due to security enhancements previously implemented,” Microsoft noted.

The Windows vulnerability Google’s team discovered is a local privilege escalation in the Windows kernel that can be used as a security sandbox escape triggered by a win32k.sys call, according to Mehta and Leonard.

The sandbox in Google’s Chrome browser blocks win32k.sys calls using the Win32k lockdown mitigation on Windows 10, which prevents exploitation of the sandbox escape vulnerability, they explained in their post.

Google’s decision to release details of the vulnerability before Microsoft had a chance to get out a fix has surfaced a long-standing debate over responsible disclosure. Many security researchers have long held that vendors should be given a reasonable shot at fixing reported flaws in their products before details of the vulnerability are publicly disclosed.

Others, especially bug hunters, have said the only way to get some vendors to address security issues quickly is to give them a tight deadline for fixing the issues and to threaten them with public disclosure if they don’t.

The latest incident shows why some sort of regulatory requirement is implemented to guide disclosure practices, said Udi Yavo, chief technology officer and co-founder at security vendor enSilo.

“The Google-Microsoft disclosure dispute is yet another example of why the 90-day window for vulnerability disclosure that has been industry practice for some time should be an actual regulatory requirement,” he said in an emailed statement.

The legislation should spell out the grace time that is available for vendors that are not able to meet the 90-day window and the consequences for violating these rules

0 votes, 0.00 avg. rating (0% score)
Posted in General | Leave a comment

Yahoo Hack: Whodunnit

A week has passed since Yahoo was subjected to the worst data breach in history. Yet, there have been no profound details made known about who nabbed info on 500 million email accounts remain sketchy.

At least one firm says it wasn’t a “state-sponsored actor” as Yahoo claimed, but like many things related to hacks, cybersecurity and the dark web, even that claim is impossible to verify.

“The group responsible for the Yahoo hack are cybercriminals,” said Andrew Komarov, chief intelligence officer at InfoArmor. The company posted a report on Wednesday detailing the involvement of “Group E,” a hacking syndicate that InfoArmor says it has been monitoring in dark corners of the internet for some time.

The FBI is currently investigating the data breach but hasn’t put forward a theory publicly about who is behind it.

“We take these types of breaches very seriously and will determine how this occurred and who is responsible,” the FBI said in a statement.

Komarov said InfoArmor was able to obtain “a pretty large sample of the database” of stolen email addresses, encrypted passwords and other personal information. With the permission of people whose information was caught up in the hack, the company checked the database and found it corresponded with real Yahoo accounts from 2014.

Details of the breach were confirmed shortly within weeks of the Democratic National Committee’s emails being hacked, exposing the Democrats’ attempt to smear former presidential candidate Bernie Sanders.

Other large-scale company security breaches include Dropbox, which announced earlier this month that 68m users’ accounts were compromised in 2012, representing two thirds of its customer base. Some 167m LinkedIn users’ account details were leaked the same year.

Sony Pictures Entertainment also suffered an attack with around 47,000 social security numbers of current and former employees leaked online, including those of actors and freelancers.

This year, around 37m users of Ashley Madison, a site to facilitate extramarital affairs, were hacked. More than 400m MySpace accounts were compromised in July, the second largest breach in history.

0 votes, 0.00 avg. rating (0% score)
Posted in General | Leave a comment

Windows 10 now active on 400 million devices

There have been more than enough questions raised about how many device upgrades the company has actually logged in the last phase of its rollout. In July, the company declared 350 million people had upgraded to or were using Windows 10. Now, after the conclusion of its Get Windows 10 campaign, Microsoft declared it has more than 400 million customers using the OS.

Microsoft is expected to get another substantial bump to total Windows 10 usage figures once it rolls that OS out on Xbox One on November 12. Total uptake has been significantly faster than Windows 7, which took an additional seven months to hit the 400 million mark, according to data.

The free Windows 10 upgrade has been blamed for some of the continued softness in the PC market. The OS even remains available for free if you know where to look - but it’s too early to tell if ending the giveaway will spark any kind of uptick in PC sales. Given the trends of the last five years, there’s not much chance the consumer space has bottomed out yet. Increased sales of boutique gaming systems and 2-in-1s have not been sufficient to offset the general decline in shipments.

Despite Microsoft’s assurances about Windows 10, not everyone is happy with the new operating system, which Microsoft recently began updating with the rollout of the Windows 10 Anniversary Update. Ongoing complaints have emerged regarding compatibility and reliability issues, which is likely to explain why Microsoft is phasing in the anniversary update over a period of three months so it can continue testing throughout the process.

The latest build also addressed a problem that caused some Windows 10 apps, including the calculator, alarms and clock, not to work after updates to a new build, Sarkar said. She added that Microsoft is continuing to investigate some other issues that arose with a recent developer version of Windows 10 for Mobile. She said that a new build will be delayed until those problems, which affected the pin pad display and SIM card usage, are resolved.

0 votes, 0.00 avg. rating (0% score)
Posted in General | Leave a comment

An unknown state may be running drills for taking down the entire internet

It seems as though there is single body out there carrying out a systematic attempt to test the defenses of the internet’s fundamental infrastructure, presumably with the intention of one day breaking those defenses.

While the sources for the article are anonymous, they hardly need naming since Schneier makes it clear that his research has collected insight from virtually all major internet companies, from large service providers like AT&T all the way to organizing bodies like Verisign or potentially even ICANN itself. Somebody is searching for weaknesses in the sorts of places that many assume you’d only attack for one reason: crashing all or a large portion of the internet.

The basic narrative is this: Schneier has been hearing sustained, widespread reports from fundamentally important internet companies that they are experiencing a marked uptick in certain kinds of attacks, in particular Distributed Denial of Service (DDoS) attacks. These have been not only getting stronger, longer lasting, and more diverse, but they’ve been moving in seemingly systematic, investigatory ways. Schneier describes a scenario in which attackers sent predictable probing attacks against successively higher levels of security until it had tested everything, apparently being exhaustive in their search for failure points.

One important aspect of these attacks is their power and frequency, implying enormous resources at the disposal of the attacker and strongly indicating a nation-state as the culprit. Schneier name-drops both China and Russia as the most likely culprits (China most of all), but he can’t say for sure. In addition to the sheer volume of the attacks, however, is their variety, forcing defenders to roll out their full complement of defenses. This could be interpreted as an attempt to get defenders to “bare all,” and make their full defensive capabilities known. Corero director Sean Newman said the attacks his company has seen are short and “sub-saturating,” likely meant to slowly approach and find the target’s exact maximum traffic capacity.

0 votes, 0.00 avg. rating (0% score)
Posted in General | Leave a comment