May 19, 2017 – Steve Weisman’s latest column for the Saturday Evening Post on ransomware

Ransomware is of increasing concern to everyone in the wake of last week’s massive ransomware attack.  Here is a link to my column from the Saturday Evening Post that tells you exactly what you can do to protect yourself from this threat.

Con Watch: 6 Steps to Protect Yourself from Ransomware

Scam of the day – Mary 19, 2017 – WiFi networks at Mar-a-Lago vulnerable

A recent report by ProPublica and Gizmodo has found security vulnerabilities in the WiFi networks at Mar-a-Lago, the resort often visited by President Trump as well as a number of other Trump destinations including the Trump National Golf Club in New Jersey, Trump International Hotel in Washington D.C. and Trump National Golf Club in Virginia.  According to the report, “Our inspections found weak and open WiFi networks, wireless printers without passwords, servers with outdated and vulnerable software and unencrypted login pages to back-end databases containing sensitive information.”  As would be expected the White House is not commenting on this report other than to indicate that these locations follow cybersecurity best practices.  However, the important lesson to us all is to remind us that public WiFi is never secure. However, with some precautions it can be made safer.

TIPS

Whatever electronic device you are using to connect to a WiFi network, whether it is a computer, laptop, tablet or smartphone should be equipped with security software.  In addition, you should use encryption software so that your communications are encoded.  You also should go to your settings and turn off sharing.  In addition, you should make sure that your firewall is current and turned on.  Finally, and perhaps most importantly, you should consider using a Virtual Private Network (VPN) which enables you to send your communications through a separate and secure private network even while you are on a public network.

May 18, 2017 – Article from Spiceworks.com regarding the WannaCry ransomware attack

Here is a link to an article from Spiceworks.com in which I am quoted about the recent WannaCry ransomware attack.

https://community.spiceworks.com/topic/1995850-experts-stolen-nsa-exploit-behind-wannacry-is-the-first-of-many?source=navbar-community-notifications

Scam of the day – May 18, 2017 – DocuSign phishing scam

DocuSign is a company that provides technology for the transmission of contracts and other documents with features for electronic signatures used by many businesses.  Recently DocuSign suffered a data breach in which its customer email data base was hacked.  Shortly thereafter, many DocuSign customers received phishing emails designed to appear as if they were legitimate DocuSign communications and requests the person receiving the email to download an attached Word document.    However, anyone downloading the attachment would also have unwittingly downloaded malware.

TIPS

Never click on a link or download an attachment regardless of how legitimate the email or text message may appear until you have confirmed that the message is legitimate.

You can never be sure when you receive an email as to who is really contacting you.  Although sometimes it is obvious when the email address of the sender does not correspond to who is represented as sending the email, but other times, such as in this case, the email account of someone or some company you trust could have been hacked and used to send you the malware.  Therefore you should never click on a link or download an attachment in an email until you have absolutely and independently confirmed that it is legitimate.

Scam of the day – May 17, 2017 – Pirates held for ransom

Although the headline may seem a little odd, what it is referring to is another data breach at a major Hollywood movie studio, in this case Disney, where the latest sequel in the successful Pirates of the Caribbean movie series has apparently been stolen through a data breach and the hacker is demanding a ransom which Disney is refusing to pay.  If the ransom is not paid, the hacker has indicated he will release the movie online in advance of the Theatrical release date of May 26th.

This latest incident comes on the heels of the hacker known as thedarkoverlord,  posting nine episodes of the popular Netflix original series, “Orange is the New Black on a publicly available file a few weeks ago as I reported to you on Scamicide at the time.  This type of extortion can only be expected to grow as hackers attack the weakest links in movie and television program development.

TIPS

If the movie is posted online I strongly urge you not to download it.  In addition to the morality and ethics of not participating and encouraging this type of crime, you also run the risk of downloading various types of malware including ransomware and keystroke logging malware that can lead to your becoming a victim of identity theft if you go to these rogue websites.

Scam of the day – May 16, 2017 – Louisiana churches targeted by scammers

I have long been warning you about the Business Email Compromise scam which is costing unwary companies including Amazon and Facebook a billion dollars in just the last year according to the U.S. Secret Service.  At its essence the scam  most often involves a business receiving an email that appears to come from a corporate officer or someone with which the company does business requesting a payment be wired for an apparent legitimate bill or purpose.  Now the threat is spreading to churches. Louisiana’s Bossier Financial Crimes Task Force is warning churches that the scam has been used to victimize local churches that have received what appear to be emails from their pastors asking them to wire money to accounts and people named in the emails.  In these particular instances in Louisiana, the emails come from email addresses that appear at first glance to be that of the pastors, but a closer inspection will disclose that it is coming from a different email provider than the pastor uses.

TIPS

The Business Email Compromise scam is being used effectively against businesses, but as indicated by the attacks on the Louisiana churches, its use is spreading to churches and can be expected to spread further to being used to target other organizations and even individuals.  The key to protecting yourself, your company or your organization from this scam is to first be skeptical whenever you get a request to wire money because once money has been wired, it is gone forever which is why it is a favorite method of payment for scammers.  The second thing that we all should do is to confirm the legitimacy of any payment request before making payments of any kind.

Scam of the day – May 15, 2017 – Macs being hit with malware attacks

What’s up Doc? More precisely, it should be What’s up Dok for our purposes because Dok is the name of what has been described by security company CheckPoint as the first “major scale” malware specifically targeting all versions of the macOS that when downloaded on to your computer can enable the hacker to take control of your system.

Dok is delivered, as so many strains of malware are, as a zip file attached to a phishing email that you are lured into downloading.

While the Windows operating system is still the prime target of malware creating hackers, attacks on Macs are dramatically increasing.   According to a report by McAfee Labs, attacks targeting Macs increased last year by 744%.  Where formerly, Mac users could feel safer than Windows users as to their susceptibility to malware attacks, Mac users can no longer afford to be complacent in regard to their computer security.

TIPS

The single best thing you can do to protect yourself from these types of malware attacks is to follow the rule of never clicking on links or downloading attachments from anyone until you have confirmed that they are legitimate.

Scam of the day – May 14, 2017 – Important security updates

Constant updating of the software we all use with the latest security patches and updates is a critical part of avoiding scams and identity theft threats. as we have seen with the massive ransomware attack of Friday. Whenever new security updates and patches are issued, we provide access to these so that you can update your software to provide better security on your computers, smartphones, laptops and other electronic devices.  Updating your software with the latest security patches and updates as soon as possible is important because identity thieves and scammers are always finding and exploiting vulnerabilities in the software that we all use.  Delay in updating your software could lead to disastrous results.  However, it is also important to be sure that you are downloading legitimate patches and updates rather than being tricked by an identity thief or scammer into downloading malware under the guise of downloading a security patch or update.  This has been a particular busy week for security updates including updates for Microsoft, Mozilla, Google Chrome and, of course, Adobe Flash.

TIPS

Here are links to these important security patches.

https://technet.microsoft.com/en-us/library/security/4022344.aspx

https://www.us-cert.gov/ncas/current-activity/2017/05/05/Mozilla-Releases-Security-Updates

https://chromereleases.googleblog.com/2017/05/stable-channel-update-for-desktop.html

https://www.us-cert.gov/ncas/current-activity/2017/05/09/Adobe-Releases-Security-Updates

As I have indicated previously many times, it may well be time for you to consider replacing Adobe Flash to avoid future problems with this useful, but outdated and vulnerable software.

Some alternative plugins you may wish to consider to replace Adobe Flash include  GNU Gnash, and Silverlight.  Silverlight can be downloaded free directly from the Microsoft at this link: https://www.microsoft.com/silverlight/

while GNU Gnash can be downloaded free at this link: http://www.gnu.org/software/gnash/

 

May 13, 2017 – Urgent update about massive ransomware attack

Yesterday a massive ransomware attack targeted computers in seventy-four countries including the United States, the United Kingdom, Russia, China, Spain, France and India.   The strain of ransomware used is called WannaCrypt and it was developed to take advantage of a Microsoft Windows Operating System flaw called EternalBlue which was made public by hackers of the National Security Agency.   This ransomware is available in 28 languages.

This is a problem that should not have happened for many reasons.  The particular Microsoft vulnerability that this ransomware exploits has been patched, but some companies, government agencies and individuals had not yet installed the patches when they had become available recently.  In addition, many of the affected computers were using outdated Windows operating systems, such as Windows XP which are no longer regularly updated with new security patches.  These older unsupported systems should not be used by anyone.  Microsoft has taken the unprecedented step of providing security patches for these unsupported systems now in addition to its already issued security updates for presently supported Microsoft programs.  Here is a link to an important memo from Microsoft with links to free security updates if you are still using one of those older operating systems.

Customer Guidance for WannaCrypt attacks

TIPS

This ransomware attack was primarily launched using phishing emails to lure unsuspecting people into clicking on links or downloading attachments tainted with the Wannacrypt ransomware.  As I am constantly reminding you, never click on links or download attachments until you have confirmed that they are legitimate.

You also should update all of your electronic devices with the latest security updates and patches as soon as they become available, preferably automatically.

As for protecting yourself specifically from ransomware, you should back up all of your data in at least two different platforms, such as in the Cloud and on a portable hard drive. Companies and agencies which can afford to do this, should also use Whitelisting software which prevents the installation of any unauthorized computer software programs.

Unfortunately, this is not going to be the last time that you learn about this type of story.

Scam of the day – May 13, 2017 – Air Force invites white hat hackers

Beginning May 15th white hat hackers can enroll in the “Hack the Air Force” event sponsored by the U.S. Air Force, which will be managed by HackerOne which operates numerous white hat hacking programs for many major companies and the United States government.  White hat hackers from the United States, the UK, Canada, Australia and New Zealand are eligible to participate in this program under which the Air Force will pay a bounty for vulnerabilities identified.  In a previous “Hack the Pentagon” program $75,000 in prizes was paid out to successful white hat hackers.

For many companies and government agencies, bug bounty programs such as this are a valuable way to obtain critical information necessary to increase their computer security.

TIPS

If you are interested in registering for the “Hack the Air Force” program, you can register by going to the website of HackerOne at this link after May 15th  https://www.hackerone.com/resources/hack-learn-earn

The actual competition will start on May 30th.