PageFair Analytics Hacked on Halloween Night

PageFair, an anti-adblocking company that provides online publishers with analytics on who is using an ad blocker while visiting their websites, was recently attacked on Halloween in what appears to be a trojan masquerading as an Adobe Flash update. More than 500 websites that use PageFair’s service had malicious JavaScript code execute on their websites, with popups telling visitors that their Flash Player was out of date.

What else is interesting about this attack is that it occurred for only 83 minutes, and in that time 500+ websites were affected. The CEO of PageFair, Sean Blanchfield, wrote a blog post the day after the attack which says “For 83 minutes last night, the PageFair analytics service was compromised by hackers, who succeeded in getting malicious javascript to execute on websites via our service, which prompted some visitors to these websites to download an executable file. I am very sorry that this occurred and would like to assure you that it is no longer happening.”

PageFair estimated that only 2.3% of the people who visited the affected sites would have been at risk of getting infected themselves. Although this particular attack seems to be over for now, there are still plenty of fake Flash “updates” out there which take advantage of people who don’t know what they’re clicking “Install” on. Don’t fall victim to popups on websites telling you that your Flash player or any other type of software is out of date and never download an .exe/.dmg file from these popups because you never know what it is you’re downloading onto your computer.

Source

The Worst Offenders in the Workplace

I found an interesting article online that said that the most tech-savvy staff in a workplace are the worst offenders. According to Intermedia, a staggering 93% of office workers “engage in some form of unsafe online habits that could jeopardize their employer or their customers.” I find this quite surprising since the article goes on to explain that most of the people who have access to company data and help keep it secure–IT personnel–are the ones that are actually taking advantage of the workplace’s resources and going against workplace policies. Some of the statistics are listed below:

  • 32% of IT professionals have given out their login / password credentials to other employees (compared to 19% across all respondents)
  • 28% of IT professionals said they have accessed systems belonging to previous employers after they left the job (compared to only 13% among all respondents)
  • 31% of IT professionals said they would take data from their company if it would positively benefit them – nearly three times the rate of general business professionals.

On top of these numbers, 41% of employees will install apps on their work computers without consulting their IT department. With these kinds of activities going on, it’s quite obvious how data breaches, compliance failures, and data loss occur.

One additional thing I’d like to note here is the last bullet mentioned above: 31% of IT professionals admitting to taking data from their company to benefit them. If that’s the case, businesses will have a much harder time picking out the right and, most importantly, trustworthy IT professional to handle and secure all of that sensitive information.

Source

Scamming Through Social Engineering

Before I begin I have to say that these are becoming a favorite of mine now, so here’s yet another tech support scam. This one is quite different though because it disguises itself as Apple’s remote assistance website (www.ara.apple.com), where users go when they have an issue with their Apple computer and want to have a technician troubleshoot it using a service such as LogMeIn or TeamViewer. The scam site is registered under a domain (www.ara-apple.com) similar to that of Apple’s official remote assistance website and tricks the visitor of the site into calling a phone number which presumably connects them to a scam center in India.


This tactic isn’t particularly new as there are many websites that tell the user to call a number or visit a website to “seek assistance”, but this one is different in the way that the bogus Apple assistance website the user visits starts providing them with .dmg downloads that they need in order to “begin the troubleshooting process”. It only gets worse from there as the user starts downloading malicious programs onto their computer and most likely does more damage to it than before. So much for assistance.
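The two hostnames in this post differ by a single character, but they belong to different owners: ara.apple.com is a subdomain of apple.com, while ara-apple.com is its own registrable domain. The following check is an added example, not part of the original post or any source it cites; the allow-list, function names and test hostnames other than the two above are assumptions made for illustration.

```python
import re

# Assumption: registrable domains the organisation treats as genuine.
TRUSTED_DOMAINS = ("apple.com",)


def normalize(host: str) -> str:
    """Reduce a URL or hostname to a bare lower-case hostname."""
    host = host.strip().lower()
    host = re.sub(r"^[a-z][a-z0-9+.-]*://", "", host)  # drop scheme
    host = re.split(r"[/?#]", host, maxsplit=1)[0]     # drop path/query
    host = host.rsplit("@", 1)[-1]                     # drop userinfo
    host = host.split(":", 1)[0]                       # drop port
    return host.rstrip(".")


def is_trusted(host: str, trusted=TRUSTED_DOMAINS) -> bool:
    """True only for the trusted domain itself or a real subdomain of it.

    The leading dot matters: a bare endswith("apple.com") would also
    accept "ara-apple.com" and "pineapple.com".
    """
    host = normalize(host)
    return any(host == d or host.endswith("." + d) for d in trusted)


def classify(host: str, trusted=TRUSTED_DOMAINS) -> str:
    """Return 'trusted', 'lookalike' or 'unrelated' for a hostname."""
    host = normalize(host)
    if is_trusted(host, trusted):
        return "trusted"
    # Split every label on hyphens so "ara-apple" yields "ara" and "apple".
    tokens = {t for label in host.split(".") for t in label.split("-")}
    for domain in trusted:
        brand = domain.split(".")[0]
        if brand in tokens:
            return "lookalike"  # brand name used outside the real domain
    return "unrelated"


if __name__ == "__main__":
    # Constructed sample inputs; only the first two appear in the post.
    for h in ("www.ara.apple.com", "www.ara-apple.com",
              "apple.com.example.net", "pineapple.com"):
        print(f"{h:28} {classify(h)}")
```
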


What’s also pretty funny is that the website is registered to some guy in Delhi, India and he used GoDaddy to register it. Malwarebytes, the organization which initially posted about this site just yesterday, reached out to GoDaddy in hopes of getting the site down.

Source

Yet Another Tech Support Scam…

So there’s another “tech support” scam going around on the internet and it’s quite ridiculous so I thought I’d share a blog post about it this week. In this one, a user visits a certain website and is told that they need to enter a “safe key” which will unlock their browser in order to continue using it. The instructions are pretty unclear other than that the user has to call a phone number to obtain this so-called “safe key”.


But wait, it gets better! Not only do these “attackers” lock your browser using a bit of JavaScript to make the pop-up appear, but they also appear to have put the exact “safe key” that stops their own scam into a script which can easily be viewed by looking at the page’s source.

The fact that the JavaScript function’s name is “lol()” makes it quite clear that these attackers probably made this attack pretty quickly and didn’t really have anything in mind other than to annoy the visitor of their website and have them call a bogus number and get the unlock key, which sits in the site itself the entire time. Also, they seem to believe that it’s pretty funny too?

Source

T-Mobile Data Breach Affects 15 Million

This past Thursday, global information services group Experian announced that one of its clients, T-Mobile, had been involved in a massive data breach. The data that was part of this breach involved personal information for over 15 million customers and applicants in the United States who may have applied for T-Mobile’s service.

The CEO of T-Mobile, John Legere, released a letter to consumers that explains the breach in more detail and goes on to say that “Experian has assured us [T-Mobile] that they have taken aggressive steps to improve the protection of their system and of our data”. Upon finding out about the breach, Experian said that it took immediate action and secured the server, initiated a comprehensive investigation, and notified U.S. and international law enforcement.

With data breaches happening so often nowadays to all types of companies, it’s hard to think that any of our data is safe anymore.

Source

1.5 Million U.S. Medical Records Exposed on Amazon’s Web Servers

In recent news, 1.5 million American people had their health records, along with their names, addresses, and phone numbers, found in the open on Amazon’s web servers. At the moment, it is unknown how exactly the information was uploaded, but it is clear that it was stored in a SQL database. The breach was reported to Systema Software by a person from Texas.


According to TheRegister.com, one million social security numbers, five million financial transactions, and over 100,000 injury reports had been exposed. It’s quite scary knowing that people will probably be searching for more than just the latest iPhone on Amazon now…

Source

U.S. and China Working on Cybersecurity Peace Treaty

Just recently, the United States and China have come to an agreement that both nations will not “use any sort of cyberweapons to cripple each other’s critical infrastructure.” Both the U.S. and China are known for their persistent attacks on one another in cyberspace and the feud has been ongoing for a number of years already.


The deal, which should be in place by this Thursday September 24th, would put a sort of “barrier” between the two nations and their cybersecurity threats. U.S. President Barack Obama is set to meet with Chinese president Xi Jinping in Washington to discuss the deal in more detail this week.

Source