Scam of the day – September 26, 2017 – North Korea hacking Bitcoin exchanges

A recent report of security company FireEye disclosed that North Korea’s state operated cybercriminals have moved beyond their attacks on individual companies and the international banking system to cryptocurrency exchanges.  Cryptocurrency is the name for digital currencies first created in 2009 that have become increasingly popular. Perhaps the most well known cryptocurrency is Bitcoin.

FireEye reported about continuing cyberattacks on cryptocurrency exchanges that began earlier this year.  As with so many computer crimes, the attacks begin with spear phishing emails carrying malware that when downloaded enabled the hackers to steal from individual accounts.

It can be expected that these attacks will increase.  In fact, my prediction is that while there is little likelihood of a missile attack by North Korea on the United States in the foreseeable future, we can well expect a significant increase in cyberattacks by North Korean cybercriminals on vulnerable American companies, financial institutions and even governmental agencies.

TIPS

Bitcoins and other cryptocurrencies are popular with many people due to the anonymity involved with cryptocurrency transactions as well as the lack of fees involved in their use.  However, digital currencies, just as everything else tied to computers carry inherent vulnerabilities.  The best ways to avoid problems is to take particular care in choosing where you store your Bitcoins online.  Many Bitcoin exchanges have had security breaches and will always be a prime target for hackers.  Additionally, you should use not just a strong password, but also dual factor authentication to provide greater security, encrypt your wallet and backup your entire wallet.  Finally, make sure that your Bitcoin software is updated with the latest security patches as soon as they become available.

Scam of the day – July 9, 2015 – Spyware company hacking leads to discovery of critical new Adobe Flash flaw

It was only a week ago that I told you about a critical vulnerability in the popular Adobe Flash software so many people use for viewing videos.  Now following the embarrassing hacking and data breach at the Italian spyware company Hacking Team which sells spyware to governments, it has been learned that among the 400 gigabytes of files, source code and emails stolen and made public was source code for Adobe Flash software that can be and has been exploited by hackers to take control of computers running Adobe Flash.  Unlike the previous Adobe Flash flaw, which was discovered by security company FireEye, which notified Adobe in timely fashion to enable them to produce a security update, the new flaw discovered by Hacking Team had been kept secret by them which allowed them to exploit the vulnerability with its own spyware.  Since the time of the making public of this software vulnerability, enterprising hackers have already started selling kits on black market websites to other hackers that enable them to hack into computers running Adobe Flash.   Everyone using Adobe Flash is extremely vulnerable to identity theft and having their computer data stolen.

TIPS

Adobe Flash has been a constant target of hackers and some people are just choosing to disable it and use other video viewing software.  Some alternatives include LightSpark, Unity Web Player, GNU Gnash, and Silverlight.  Silverlight can be downloaded directly from the Microsoft website.  Adobe Flash has just released a security patch to fix the flaw.  Here is a link to the critical security patch to fix your Adobe Flash software: https://www.us-cert.gov/ncas/current-activity/2015/07/08/Adobe-Releases-Security-Updates-Flash-Player

 

Scam of the day – July 1, 2015 – Critical Adobe Flash update

Adobe Flash software is a highly used video software program so it should be of little surprise that it is highly scrutinized for vulnerabilities by hackers who exploit these vulnerabilities to gain access to their targets computers.  Unpatched vulnerabilities in Adobe Flash software were exploited by Russian hackers who hacked into the White House and State Department computer systems.  Recently, the security firm FireEye found attempts to attack aerospace, defense, construction, technology and telecom companies by exploiting a flaw in Adobe Flash uncovered by FireEye.  FireEye promptly notified Adobe which promptly created a patch for the problem.  A link to the patch can be found below.

The problem is that hackers are now distributing kits on black market websites that enable other hackers to exploit this vulnerability on computers that have not been updated and all too often individuals and companies fail to update their software in a timely basis.  Already this flaw is being exploited by hackers as a way of getting victims to download Ransomware on to their computers.  As I have written about many times before, Ransomware encrypts and locks your computer data.  The hacker then threatens to destroy the data unless a ransom is paid immediately.

TIPS

Businesses, government agencies and individual computer users must make it a priority to install the latest security patches and updates as soon as they become available.  Time after time, companies, government agencies and individual computer users have become victims of devastating computer hacks that they could have easily avoided had they promptly updated their software with the latest security patches and updates as soon as they became available.  Don’t make this mistake.  Here at Scamicide we regularly provide you the links to the latest security patches.

Here is the link to the latest Adobe Flash security update:  https://helpx.adobe.com/security/products/flash-player/apsb15-14.html

Scam of the day – November 14, 2014 – Watch out for a “Masque Attack”

FireEye, a cybersecurity firm announced this week that they had identified a serious flaw in Apple’s iPhone operating system that makes most iPhones and iPads extremely vulnerable to being hacked and data being stolen.  The vulnerability, is being called “Masque Attack” and was first discovered by FireEye in July, but was first made public by FireEye this week when the first attempts to exploit the vulnerability by hackers was discovered.  Hackers attempted to exploit the vulnerability through the use of malware deemed “WireLurker.”  Presently, Apple’s iPhone operating system permits a malicious app that uses the same bundle identifier as that of a legitimate app to replace the legitimate app on the victim’s iPhone or iPad while retaining the data from the replaced legitimate app.  Thus the hacker can make it appear that the victim’s bank app, for example is still installed, when in fact it has been replaced by this malicious app and steal account information, passwords and other sensitive data which can easily lead to identity theft.  A Masque Attack occurs when the victim downloads a tainted app that may appear to be that of a popular game or some other apparently innocuous app.  Once installed, the victim does not know that he or she has replaced legitimate apps on the phone or tablet with the malicious app.

TIPS

Users of iPhones and iPads can protect themselves by taking simple precautions.  First, do not install apps from any source other than Apple’s official App Store.  This is always good advice because you can never be sure of the security of apps that come from sources other than the official app stores.  When opening any app, if the iPhone or iPad operating system indicates “Untrusted App Developer,” click on “Don’t Trust” and immediately uninstall the app.